Merge "Add a separate read permission for oem unlock state" into nyc-dev

Amith Yamasani
2016-06-08 17:55:39 +00:00
committed by Android (Google) Code Review
3 changed files with 22 additions and 6 deletions


@@ -169,6 +169,7 @@ package android {
field public static final java.lang.String READ_INSTALL_SESSIONS = "android.permission.READ_INSTALL_SESSIONS";
field public static final java.lang.String READ_LOGS = "android.permission.READ_LOGS";
field public static final java.lang.String READ_NETWORK_USAGE_HISTORY = "android.permission.READ_NETWORK_USAGE_HISTORY";
field public static final java.lang.String READ_OEM_UNLOCK_STATE = "android.permission.READ_OEM_UNLOCK_STATE";
field public static final java.lang.String READ_PHONE_STATE = "android.permission.READ_PHONE_STATE";
field public static final java.lang.String READ_PRIVILEGED_PHONE_STATE = "android.permission.READ_PRIVILEGED_PHONE_STATE";
field public static final java.lang.String READ_SEARCH_INDEXABLES = "android.permission.READ_SEARCH_INDEXABLES";


@@ -1416,6 +1416,11 @@
<permission android:name="android.permission.DVB_DEVICE"
android:protectionLevel="signature|privileged" />
<!-- @SystemApi Allows reading the OEM unlock state
@hide <p>Not for use by third-party applications. -->
<permission android:name="android.permission.READ_OEM_UNLOCK_STATE"
android:protectionLevel="signature|privileged" />
<!-- @hide Allows enabling/disabling OEM unlock
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.OEM_UNLOCK_STATE"
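Review bot: The comment on READ_OEM_UNLOCK_STATE does not say which calls it gates or how it relates to OEM_UNLOCK_STATE, which is what someone choosing between the two permissions needs to know. Going by the service change in this commit, it covers `getOemUnlockEnabled()` and `getFlashLockState()`, and holders of OEM_UNLOCK_STATE pass the same check, so the comment could read `Allows reading the OEM unlock and flash lock state; also implied by OEM_UNLOCK_STATE`. The OEM_UNLOCK_STATE comment just below would benefit from the matching remark that it is now the permission required to modify the state. That `<permission>` element continues outside the hunk.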


@@ -125,10 +125,20 @@ public class PersistentDataBlockService extends SystemService {
SystemProperties.set(OEM_UNLOCK_PROP, enabled ? "1" : "0");
}
private void enforceOemUnlockPermission() {
private void enforceOemUnlockReadPermission() {
if (mContext.checkCallingOrSelfPermission(Manifest.permission.READ_OEM_UNLOCK_STATE)
== PackageManager.PERMISSION_DENIED
&& mContext.checkCallingOrSelfPermission(Manifest.permission.OEM_UNLOCK_STATE)
== PackageManager.PERMISSION_DENIED) {
throw new SecurityException("Can't access OEM unlock state. Requires "
+ "READ_OEM_UNLOCK_STATE or OEM_UNLOCK_STATE permission.");
}
}
private void enforceOemUnlockWritePermission() {
mContext.enforceCallingOrSelfPermission(
Manifest.permission.OEM_UNLOCK_STATE,
"Can't access OEM unlock state");
"Can't modify OEM unlock state");
}
private void enforceUid(int callingUid) {
@@ -425,7 +435,7 @@ public class PersistentDataBlockService extends SystemService {
@Override
public void wipe() {
enforceOemUnlockPermission();
enforceOemUnlockWritePermission();
synchronized (mLock) {
int ret = nativeWipe(mDataBlockFile);
@@ -442,7 +452,7 @@ public class PersistentDataBlockService extends SystemService {
if (ActivityManager.isUserAMonkey()) {
return;
}
enforceOemUnlockPermission();
enforceOemUnlockWritePermission();
enforceIsAdmin();
synchronized (mLock) {
@@ -453,13 +463,13 @@ public class PersistentDataBlockService extends SystemService {
@Override
public boolean getOemUnlockEnabled() {
enforceOemUnlockPermission();
enforceOemUnlockReadPermission();
return doGetOemUnlockEnabled();
}
@Override
public int getFlashLockState() {
enforceOemUnlockPermission();
enforceOemUnlockReadPermission();
String locked = SystemProperties.get(FLASH_LOCK_PROP);
switch (locked) {
case FLASH_LOCK_LOCKED:
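Review bot: The new `enforceOemUnlockReadPermission()` throws only when both checks return exactly `PackageManager.PERMISSION_DENIED`, so any other return value would be treated as access granted; an access check reads more safely when it fails closed. Comparing both operands as `!= PackageManager.PERMISSION_GRANTED` is equivalent with today's two-valued result and stays correct if that contract ever changes. The helper would also benefit from a short comment that accepting OEM_UNLOCK_STATE here is deliberate, for example `// Holders of the write permission may also read the state.`, so a later cleanup does not narrow or widen the check by accident. The last hunk of this section ends inside the `switch` in `getFlashLockState()`, so the rest of that method is not visible here.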