diff --git a/services/core/java/com/android/server/oemlock/OemLockService.java b/services/core/java/com/android/server/oemlock/OemLockService.java index 40c663942e1d0..5b3d1eca03bd0 100644 --- a/services/core/java/com/android/server/oemlock/OemLockService.java +++ b/services/core/java/com/android/server/oemlock/OemLockService.java @@ -31,6 +31,7 @@ import android.os.UserManager; import android.os.UserManagerInternal; import android.os.UserManagerInternal.UserRestrictionsListener; import android.service.oemlock.IOemLockService; +import android.service.persistentdata.PersistentDataBlockManager; import android.util.Slog; import com.android.server.LocalServices; @@ -98,6 +99,7 @@ public class OemLockService extends SystemService { !newRestrictions.getBoolean(UserManager.DISALLOW_FACTORY_RESET); if (!unlockAllowedByAdmin) { mOemLock.setOemUnlockAllowedByDevice(false); + setPersistentDataBlockOemUnlockAllowedBit(false); } } } @@ -158,6 +160,7 @@ public class OemLockService extends SystemService { } mOemLock.setOemUnlockAllowedByDevice(allowedByUser); + setPersistentDataBlockOemUnlockAllowedBit(allowedByUser); } finally { Binder.restoreCallingIdentity(token); } @@ -202,6 +205,20 @@ public class OemLockService extends SystemService { } }; + /** + * Always synchronize the OemUnlockAllowed bit to the FRP partition, which + * is used to erase FRP information on a unlockable device. + */ + private void setPersistentDataBlockOemUnlockAllowedBit(boolean allowed) { + final PersistentDataBlockManager pdbm = (PersistentDataBlockManager) + mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); + // if mOemLock is PersistentDataBlockLock, then the bit should have already been set + if (pdbm != null && !(mOemLock instanceof PersistentDataBlockLock)) { + Slog.i(TAG, "Update OEM Unlock bit in pst partition to " + allowed); + pdbm.setOemUnlockEnabled(allowed); + } + } + private boolean isOemUnlockAllowedByAdmin() { return !UserManager.get(mContext) .hasUserRestriction(UserManager.DISALLOW_FACTORY_RESET, UserHandle.SYSTEM);