Disallow OEM unlock when DISALLOW_FACTORY_RESET applies

Bug: 28339424 Change-Id: I4b6dc6f186ea60a13e778f52d574e615b0b19b74
2016-05-17 18:53:09 +01:00
parent 8cbec3de0f
commit 830e32cdcc
2 changed files with 21 additions and 1 deletions
--- a/services/core/java/com/android/server/PersistentDataBlockService.java
+++ b/services/core/java/com/android/server/PersistentDataBlockService.java
@@ -146,6 +146,15 @@ public class PersistentDataBlockService extends SystemService {
                    "Only the Admin user is allowed to change OEM unlock state");
        }
    }
+
+    private void enforceFactoryResetAllowed() {
+        final boolean isOemUnlockRestricted = UserManager.get(mContext)
+                .hasUserRestriction(UserManager.DISALLOW_FACTORY_RESET);
+        if (isOemUnlockRestricted) {
+            throw new SecurityException("OEM unlock is disallowed by DISALLOW_FACTORY_RESET");
+        }
+    }
+
    private int getTotalDataSizeLocked(DataInputStream inputStream) throws IOException {
        // skip over checksum
        inputStream.skipBytes(DIGEST_SIZE_BYTES);
@@ -452,7 +461,9 @@ public class PersistentDataBlockService extends SystemService {
                    Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1) {
                throw new SecurityException("OEM unlock has been disallowed.");
            }
-
+            if (enabled) {
+                enforceFactoryResetAllowed();
+            }
            synchronized (mLock) {
                doSetOemUnlockEnabledLocked(enabled);
                computeAndWriteDigestLocked();
--- a/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
+++ b/services/core/java/com/android/server/pm/UserRestrictionsUtils.java
@@ -33,6 +33,7 @@ import android.os.RemoteException;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.UserManager;
+import android.service.persistentdata.PersistentDataBlockManager;
 import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.util.Log;
@@ -424,6 +425,14 @@ public class UserRestrictionsUtils {
                            android.provider.Settings.Global.SAFE_BOOT_DISALLOWED,
                            newValue ? 1 : 0);
                    break;
+                case UserManager.DISALLOW_FACTORY_RESET:
+                    if (newValue) {
+                        PersistentDataBlockManager manager = (PersistentDataBlockManager) context
+                                .getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
+                        if (manager != null) {
+                            manager.setOemUnlockEnabled(false);
+                        }
+                    }
            }
        } finally {
            Binder.restoreCallingIdentity(id);