From 0bbd108aa1fee8c69bbaf41990d3f3d8a99d54cb Mon Sep 17 00:00:00 2001
From: Paul Lawrence
Date: Tue, 26 Apr 2016 15:21:02 -0700
Subject: [PATCH] Check permission on clearPassword and other CryptKeeper APIs
Note - this should only ever be called from LockScreen after getting the password to avoid the double prompt
Bug: 28376346
Change-Id: Ic44df4fdcc23408c56b1b9375deed1c6ad2af544
---
 .../com/android/server/LockSettingsService.java | 10 ++++++++--
 .../core/java/com/android/server/MountService.java | 14 +++++++++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index c912b11250ddc..cbf7e8038b5be 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -1281,8 +1281,14 @@ public class LockSettingsService extends ILockSettings.Stub {
 // service can't connect to vold, it restarts, and then the new instance
 // does successfully connect.
 final IMountService service = getMountService();
- String password = service.getPassword();
- service.clearPassword();
+ String password;
+ long identity = Binder.clearCallingIdentity();
+ try {
+ password = service.getPassword();
+ service.clearPassword();
+ } finally {
+ Binder.restoreCallingIdentity(identity);
+ }
 if (password == null) {
 return false;
 }
diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java
index b0581aa331fba..7253870d2f126 100644
--- a/services/core/java/com/android/server/MountService.java
+++ b/services/core/java/com/android/server/MountService.java
@@ -2648,6 +2648,8 @@ class MountService extends IMountService.Stub
 */
 @Override
 public int getPasswordType() {
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
+ "no permission to access the crypt keeper");
 waitForReady();
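Review bot: Once `Binder.clearCallingIdentity()` has run, the STORAGE_INTERNAL check this commit adds in MountService sees the system server rather than the process that called into LockSettingsService, so the only gate on who can trigger this `getPassword()`/`clearPassword()` pair is whatever the enclosing method enforces before this point. That method's signature and opening statements are outside the hunk, so confirm a caller permission check precedes the cleared-identity block and record the dependency in place, e.g. `// Caller was permission-checked above; identity is cleared only so MountService sees the system server.` Separately, `service.clearPassword()` is skipped when `getPassword()` throws, which would leave the password cached; if the wipe is meant to be unconditional, the clear belongs in its own `finally`.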
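Review bot: The two-line `enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL, "no permission to access the crypt keeper")` call in getPasswordType() is pasted again in the setField, getField and isConvertibleToFBE hunks, which makes it easy for the next crypt keeper binder method to be added without the check. A single private helper (for example `enforceCryptKeeperAccess()`, the name is only a suggestion) called as the first statement of each method would keep the permission and the message in one place. Running the check before `waitForReady()` is the right order, since an unprivileged caller is rejected before it can block. The method bodies continue outside the hunks, and other binder entry points in this class that reach the crypt keeper cannot be seen from this diff, so they are worth auditing in the same pass.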
@@ -2672,6 +2674,8 @@ class MountService extends IMountService.Stub
 */
 @Override
 public void setField(String field, String contents) throws RemoteException {
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
+ "no permission to access the crypt keeper");
 waitForReady();
@@ -2690,6 +2694,8 @@ class MountService extends IMountService.Stub
 */
 @Override
 public String getField(String field) throws RemoteException {
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
+ "no permission to access the crypt keeper");
 waitForReady();
@@ -2714,6 +2720,8 @@ class MountService extends IMountService.Stub
 */
 @Override
 public boolean isConvertibleToFBE() throws RemoteException {
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
+ "no permission to access the crypt keeper");
 waitForReady();
@@ -2728,8 +2736,9 @@ class MountService extends IMountService.Stub
 @Override
 public String getPassword() throws RemoteException {
- mContext.enforceCallingOrSelfPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE,
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
 "only keyguard can retrieve password");
+
 if (!isReady()) {
 return new String();
 }
@@ -2752,6 +2761,9 @@ class MountService extends IMountService.Stub
 @Override
 public void clearPassword() throws RemoteException {
+ mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
+ "only keyguard can clear password");
+
 if (!isReady()) {
 return;
 }
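Review bot: The denial messages in getPassword() and clearPassword() no longer match the permission being enforced: both say "only keyguard can …", while the check is now `Manifest.permission.STORAGE_INTERNAL` rather than `ACCESS_KEYGUARD_SECURE_STORAGE`. A message such as `"no permission to access the crypt keeper"`, as used in the other hunks, would state the actual gate and avoid misleading whoever reads the SecurityException in a log. Because getPassword() hands back the password held for the crypt keeper, it is also worth confirming that every holder of STORAGE_INTERNAL is meant to be able to read it and that no existing caller relied on the keyguard permission alone. A one-line comment above the check noting that LockSettingsService calls in with its calling identity cleared would explain why this permission was chosen.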