From c1073635fdd927799d084e195f868cb204157355 Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Fri, 27 Mar 2020 21:03:01 +0000
Subject: [PATCH] Only enforce secure FRP mode when in setup wizard

SUW can be skipped on debug builds and that will leave
secure_frp_mode uncleared, causing credential change
to fail under the current enforcement. Fix it such that
the enforcement only applies before SUW completes.

Bug: 152587445
Test: manual
Change-Id: Ic79a9412a2a11f5a2fcca2b8ea76fdab78496d06
---
 .../server/locksettings/LockSettingsService.java      | 11 ++++++++---
 .../com/android/server/locksettings/FakeSettings.java |  9 +++++++++
 .../server/locksettings/LockSettingsServiceTests.java | 11 ++++++++++-
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 1b4ec8a8fa325..1838dc949571c 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -1016,9 +1016,14 @@ public class LockSettingsService extends ILockSettings.Stub {
     }
 
     private void enforceFrpResolved() {
-        if (mInjector.settingsSecureGetInt(mContext.getContentResolver(),
-                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) {
-            throw new SecurityException("Cannot change credential while FRP is not resolved yet");
+        final ContentResolver cr = mContext.getContentResolver();
+        final boolean inSetupWizard = mInjector.settingsSecureGetInt(cr,
+                Settings.Secure.USER_SETUP_COMPLETE, 0, UserHandle.USER_SYSTEM) == 0;
+        final boolean secureFrp = mInjector.settingsSecureGetInt(cr,
+                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1;
+        if (inSetupWizard && secureFrp) {
+            throw new SecurityException("Cannot change credential in SUW while factory reset"
+                    + " protection is not resolved yet");
         }
     }
 
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java b/services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java
index c5e924be2612f..2bcd653a5476b 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java
@@ -23,6 +23,7 @@ public class FakeSettings {
 
     private int mDeviceProvisioned;
     private int mSecureFrpMode;
+    private int mUserSetupComplete;
 
     public void setDeviceProvisioned(boolean provisioned) {
         mDeviceProvisioned = provisioned ? 1 : 0;
@@ -32,6 +33,10 @@ public class FakeSettings {
         mSecureFrpMode = secure ? 1 : 0;
     }
 
+    public void setUserSetupComplete(boolean complete) {
+        mUserSetupComplete = complete ? 1 : 0;
+    }
+
     public int globalGetInt(String keyName) {
         switch (keyName) {
             case Settings.Global.DEVICE_PROVISIONED:
@@ -46,6 +51,10 @@ public class FakeSettings {
         if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) {
             return mSecureFrpMode;
         }
+        if (Settings.Secure.USER_SETUP_COMPLETE.equals(keyName)
+                && userId == UserHandle.USER_SYSTEM) {
+            return mUserSetupComplete;
+        }
         return defaultValue;
     }
 }
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
index 661ce113e81ea..07d7830c9b0fe 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java
@@ -417,7 +417,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests {
     }
 
     @Test
-    public void testCredentialChangeNotPossibleInSecureFrpMode() {
+    public void testCredentialChangeNotPossibleInSecureFrpModeDuringSuw() {
+        mSettings.setUserSetupComplete(false);
         mSettings.setSecureFrpMode(true);
         try {
             mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID);
@@ -425,6 +426,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests {
         } catch (SecurityException e) { }
     }
 
+    @Test
+    public void testCredentialChangePossibleInSecureFrpModeAfterSuw() {
+        mSettings.setUserSetupComplete(true);
+        mSettings.setSecureFrpMode(true);
+        assertTrue(mService.setLockCredential(newPassword("1234"), nonePassword(),
+                PRIMARY_USER_ID));
+    }
+
     private void testCreateCredential(int userId, LockscreenCredential credential)
             throws RemoteException {
         assertTrue(mService.setLockCredential(credential, nonePassword(), userId));