Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove UID checks from LockPatternUtils

Browse Source 
The UID checks should be unnecessary because LockPatternUtils already relies
on system permission checks in Settings, LockSettings, DevicePolicyManager
and Keystore.  These checks should already catch illegal operations.

This was interfering with the stand-alone test app for keyguard.

Change-Id: I2da2a729ca29feae9e962c2e360ec47490bcbbf0
This commit is contained in:
Jim Miller
2012-09-21 14:47:54 -07:00
parent 3034d45104
commit 25645d8bbc
1 changed files with 13 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
core/java/com/android/internal/widget/LockPatternUtils.java
View File

@@ -215,36 +215,26 @@ public class LockPatternUtils {
}
public void setCurrentUser(int userId) {
if (Process.myUid() == Process.SYSTEM_UID) {
mCurrentUserId = userId;
} else {
throw new SecurityException("Only the system process can set the current user");
}
mCurrentUserId = userId;
}
public int getCurrentUser() {
if (Process.myUid() == Process.SYSTEM_UID) {
if (mCurrentUserId != UserHandle.USER_NULL) {
// Someone is regularly updating using setCurrentUser() use that value.
return mCurrentUserId;
}
try {
return ActivityManagerNative.getDefault().getCurrentUser().id;
} catch (RemoteException re) {
return UserHandle.USER_OWNER;
}
} else {
throw new SecurityException("Only the system process can get the current user");
if (mCurrentUserId != UserHandle.USER_NULL) {
// Someone is regularly updating using setCurrentUser() use that value.
return mCurrentUserId;
}
try {
return ActivityManagerNative.getDefault().getCurrentUser().id;
} catch (RemoteException re) {
return UserHandle.USER_OWNER;
}
}
public void removeUser(int userId) {
if (Process.myUid() == Process.SYSTEM_UID) {
try {
getLockSettings().removeUser(userId);
} catch (RemoteException re) {
Log.e(TAG, "Couldn't remove lock settings for user " + userId);
}
try {
getLockSettings().removeUser(userId);
} catch (RemoteException re) {
Log.e(TAG, "Couldn't remove lock settings for user " + userId);
}
}
@@ -591,10 +581,6 @@ public class LockPatternUtils {
// Compute the hash
final byte[] hash = passwordToHash(password);
try {
if (Process.myUid() != Process.SYSTEM_UID && userHandle != UserHandle.myUserId()) {
throw new SecurityException(
"Only the system process can save lock password for another user");
}
getLockSettings().setLockPassword(hash, userHandle);
DevicePolicyManager dpm = getDevicePolicyManager();
KeyStore keyStore = KeyStore.getInstance();