Merge "Enforce secure FRP mode while changing credentials" into rvc-dev am: 0424c5cb62

Change-Id: I7cedc10e4993c6348bfe3284d4daed05759174d4
2020-03-17 17:44:55 +00:00
parent a8069b3738 0424c5cb62
commit 0ba1b88fc3
4 changed files with 43 additions and 0 deletions
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -530,6 +530,11 @@ public class LockSettingsService extends ILockSettings.Stub {
            return Settings.Global.getInt(contentResolver, keyName, defaultValue);
        }

+        public int settingsSecureGetInt(ContentResolver contentResolver, String keyName,
+                int defaultValue, int userId) {
+            return Settings.Secure.getIntForUser(contentResolver, keyName, defaultValue, userId);
+        }
+
        public @NonNull ManagedProfilePasswordCache getManagedProfilePasswordCache() {
            try {
                java.security.KeyStore ks = java.security.KeyStore.getInstance("AndroidKeyStore");
@@ -1010,6 +1015,13 @@ public class LockSettingsService extends ILockSettings.Stub {
        }
    }

+    private void enforceFrpResolved() {
+        if (mInjector.settingsSecureGetInt(mContext.getContentResolver(),
+                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) {
+            throw new SecurityException("Cannot change credential while FRP is not resolved yet");
+        }
+    }
+
    private final void checkWritePermission(int userId) {
        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsWrite");
    }
@@ -1572,6 +1584,7 @@ public class LockSettingsService extends ILockSettings.Stub {
                    "This operation requires secure lock screen feature");
        }
        checkWritePermission(userId);
+        enforceFrpResolved();

        // When changing credential for profiles with unified challenge, some callers
        // will pass in empty credential while others will pass in the credential of
--- a/services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java
@@ -15,16 +15,23 @@
 */
 package com.android.server.locksettings;

+import android.content.ContentResolver;
+import android.os.UserHandle;
 import android.provider.Settings;

 public class FakeSettings {

    private int mDeviceProvisioned;
+    private int mSecureFrpMode;

    public void setDeviceProvisioned(boolean provisioned) {
        mDeviceProvisioned = provisioned ? 1 : 0;
    }

+    public void setSecureFrpMode(boolean secure) {
+        mSecureFrpMode = secure ? 1 : 0;
+    }
+
    public int globalGetInt(String keyName) {
        switch (keyName) {
            case Settings.Global.DEVICE_PROVISIONED:
@@ -33,4 +40,12 @@ public class FakeSettings {
                throw new IllegalArgumentException("Unhandled global settings: " + keyName);
        }
    }
+
+    public int secureGetInt(ContentResolver contentResolver, String keyName, int defaultValue,
+            int userId) {
+        if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) {
+            return mSecureFrpMode;
+        }
+        return defaultValue;
+    }
 }
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTestable.java
@@ -123,6 +123,12 @@ public class LockSettingsServiceTestable extends LockSettingsService {
            return mSettings.globalGetInt(keyName);
        }

+        @Override
+        public int settingsSecureGetInt(ContentResolver contentResolver, String keyName,
+                int defaultValue, int userId) {
+            return mSettings.secureGetInt(contentResolver, keyName, defaultValue, userId);
+        }
+
        @Override
        public UserManagerInternal getUserManagerInternal() {
            return mUserManagerInternal;
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
@@ -416,6 +416,15 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests {
                        eq(CREDENTIAL_TYPE_PASSWORD), any(), eq(MANAGED_PROFILE_USER_ID));
    }

+    @Test
+    public void testCredentialChangeNotPossibleInSecureFrpMode() {
+        mSettings.setSecureFrpMode(true);
+        try {
+            mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID);
+            fail("Password shouldn't be changeable before FRP unlock");
+        } catch (SecurityException e) { }
+    }
+
    private void testCreateCredential(int userId, LockscreenCredential credential)
            throws RemoteException {
        assertTrue(mService.setLockCredential(credential, nonePassword(), userId));