Merge "Add a Global setting for disabling OEM unlocking setting" into nyc-mr1-dev

am: e333b2eb81

* commit 'e333b2eb81958cc8d27eb687ebd84844a84919ea':
  Add a Global setting for disabling OEM unlocking setting

Change-Id: I625b51c1e257afa095dfacb3bcf481fb2068b56f

core/java/android/provider/Settings.java

@@ -8893,6 +8893,15 @@ public final class Settings {
          * @hide
          */
         public static final String ENABLE_CELLULAR_ON_BOOT = "enable_cellular_on_boot";
+
+        /**
+         * Whether toggling OEM unlock is disallowed. If disallowed, it is not possible to enable or
+         * disable OEM unlock.
+         * <p>
+         * Type: int (0: allow OEM unlock setting. 1: disallow OEM unlock)
+         * @hide
+         */
+        public static final String OEM_UNLOCK_DISALLOWED = "oem_unlock_disallowed";
     }
 
     /**

packages/SettingsProvider/res/values/defaults.xml

@@ -216,4 +216,7 @@
 
     <!-- Default setting for ability to add users from the lock screen -->
     <bool name="def_add_users_from_lockscreen">false</bool>
+
+    <!-- Default setting for disallow oem unlock. -->
+    <bool name="def_oem_unlock_disallow">false</bool>
 </resources>

packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java

@@ -2078,7 +2078,7 @@ public class SettingsProvider extends ContentProvider {
         }
 
         private final class UpgradeController {
-            private static final int SETTINGS_VERSION = 127;
+            private static final int SETTINGS_VERSION = 128;
 
             private final int mUserId;
 
@@ -2333,6 +2333,18 @@ public class SettingsProvider extends ContentProvider {
                     currentVersion = 127;
                 }
 
+                if (currentVersion == 127) {
+                    // Version 127: Disable OEM unlock setting by default on some devices.
+                    final SettingsState globalSettings = getGlobalSettingsLocked();
+                    String defaultOemUnlockDisabled = (getContext().getResources()
+                            .getBoolean(R.bool.def_oem_unlock_disallow) ? "1" : "0");
+                    globalSettings.insertSettingLocked(
+                            Settings.Global.OEM_UNLOCK_DISALLOWED,
+                            defaultOemUnlockDisabled,
+                            SettingsState.SYSTEM_PACKAGE_NAME);
+                    currentVersion = 128;
+                }
+
                 // vXXX: Add new settings above this point.
 
                 // Return the current version.

services/core/java/com/android/server/PersistentDataBlockService.java

@@ -26,6 +26,7 @@ import android.os.RemoteException;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.UserManager;
+import android.provider.Settings;
 import android.service.persistentdata.IPersistentDataBlockService;
 import android.service.persistentdata.PersistentDataBlockManager;
 import android.util.Slog;
@@ -437,11 +438,16 @@ public class PersistentDataBlockService extends SystemService {
         }
 
         @Override
-        public void setOemUnlockEnabled(boolean enabled) {
+        public void setOemUnlockEnabled(boolean enabled) throws SecurityException {
             // do not allow monkey to flip the flag
             if (ActivityManager.isUserAMonkey()) {
                 return;
             }
+            // Do not allow oem unlock modification if it has been disallowed.
+            if (Settings.Global.getInt(getContext().getContentResolver(),
+                    Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1) {
+                throw new SecurityException("OEM unlock has been disallowed.");
+            }
             enforceOemUnlockPermission();
             enforceIsAdmin();