Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "LockSettings: Enforce permission check on havePattern/havePassword/systemReady" into oc-mr1-dev

Browse Source
This commit is contained in:
TreeHugger Robot
2017-08-18 16:24:43 +00:00
committed by Android (Google) Code Review
parent fde112a2eb b953e188d0
commit 713a92390e
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
services/core/java/com/android/server/locksettings/LockSettingsService.java
View File

@@ -19,6 +19,7 @@ package com.android.server.locksettings;
import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;
import static android.Manifest.permission.READ_CONTACTS;
import static android.content.Context.KEYGUARD_SERVICE;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;
@@ -77,6 +78,7 @@ import android.service.gatekeeper.GateKeeperResponse;
import android.service.gatekeeper.IGateKeeperService;
import android.text.TextUtils;
import android.util.ArrayMap;
import android.util.EventLog;
import android.util.Log;
import android.util.Slog;
@@ -559,6 +561,10 @@ public class LockSettingsService extends ILockSettings.Stub {
@Override // binder interface
public void systemReady() {
if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {
EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet
}
checkWritePermission(UserHandle.USER_SYSTEM);
migrateOldData();
try {
getGateKeeperService();
@@ -805,6 +811,13 @@ public class LockSettingsService extends ILockSettings.Stub {
mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead");
}
private final void checkPasswordHavePermission(int userId) {
if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {
EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet
}
mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsHave");
}
private final void checkReadPermission(String requestedKey, int userId) {
final int callingUid = Binder.getCallingUid();
@@ -934,6 +947,7 @@ public class LockSettingsService extends ILockSettings.Stub {
@Override
public boolean havePassword(int userId) throws RemoteException {
checkPasswordHavePermission(userId);
synchronized (mSpManager) {
if (isSyntheticPasswordBasedCredentialLocked(userId)) {
long handle = getSyntheticPasswordHandleLocked(userId);
@@ -947,6 +961,7 @@ public class LockSettingsService extends ILockSettings.Stub {
@Override
public boolean havePattern(int userId) throws RemoteException {
checkPasswordHavePermission(userId);
synchronized (mSpManager) {
if (isSyntheticPasswordBasedCredentialLocked(userId)) {
long handle = getSyntheticPasswordHandleLocked(userId);