diff --git a/core/java/android/provider/Settings.java b/core/java/android/provider/Settings.java
index a8fb7a280de94..496df46f9ff0e 100755
--- a/core/java/android/provider/Settings.java
+++ b/core/java/android/provider/Settings.java
@@ -8893,6 +8893,15 @@ public final class Settings {
 * @hide
 */
 public static final String ENABLE_CELLULAR_ON_BOOT = "enable_cellular_on_boot";
+
+ /**
+ * Whether toggling OEM unlock is disallowed. If disallowed, it is not possible to enable or
+ * disable OEM unlock.
+ *

+ * Type: int (0: allow OEM unlock setting. 1: disallow OEM unlock)
+ * @hide
+ */
+ public static final String OEM_UNLOCK_DISALLOWED = "oem_unlock_disallowed";
 }
 /**
diff --git a/packages/SettingsProvider/res/values/defaults.xml b/packages/SettingsProvider/res/values/defaults.xml
index 978ca9466ff11..108814e66348d 100644
--- a/packages/SettingsProvider/res/values/defaults.xml
+++ b/packages/SettingsProvider/res/values/defaults.xml
@@ -216,4 +216,7 @@ false + + + false
diff --git a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
index f49594cb44d17..6c68135754bb5 100644
--- a/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
+++ b/packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
@@ -2078,7 +2078,7 @@ public class SettingsProvider extends ContentProvider {
 }
 private final class UpgradeController {
- private static final int SETTINGS_VERSION = 127;
+ private static final int SETTINGS_VERSION = 128;
 private final int mUserId;
@@ -2333,6 +2333,18 @@ public class SettingsProvider extends ContentProvider {
 currentVersion = 127;
 }
+ if (currentVersion == 127) {
+ // Version 127: Disable OEM unlock setting by default on some devices.
+ final SettingsState globalSettings = getGlobalSettingsLocked();
+ String defaultOemUnlockDisabled = (getContext().getResources()
+ .getBoolean(R.bool.def_oem_unlock_disallow) ? "1" : "0");
+ globalSettings.insertSettingLocked(
+ Settings.Global.OEM_UNLOCK_DISALLOWED,
+ defaultOemUnlockDisabled,
+ SettingsState.SYSTEM_PACKAGE_NAME);
+ currentVersion = 128;
+ }
+
 // vXXX: Add new settings above this point.
 // Return the current version.
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java
index 2085f3277648e..502629be7cc96 100644
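Review bot: The Javadoc added for `OEM_UNLOCK_DISALLOWED` in Settings.java does not say who is expected to write the key or what an absent value means, and both matter for a flag that gates OEM unlock. Because the key lives in `Settings.Global`, any component permitted to write global settings can change it, so the comment should name the intended writer and note that the consumer in PersistentDataBlockService (later in this commit) reads a missing value as 0, i.e. allowed. A line such as `* A missing value is treated as 0 (toggling allowed); set from def_oem_unlock_disallow on upgrade.` would cover the second part.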
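Review bot: The new `currentVersion == 127` step in SettingsProvider.java writes to the global settings table unconditionally, although `UpgradeController` carries an `mUserId` (visible in the first hunk of this file), which suggests the upgrade runs once per user. If that is the case, a later upgrade of a secondary user would call `insertSettingLocked` again and reset `OEM_UNLOCK_DISALLOWED` to the resource default, discarding whatever value was set in the meantime. Guarding the block, for example with `if (mUserId == UserHandle.USER_SYSTEM) {`, would restrict it to a single run. The enclosing method starts and ends outside the hunk, so it is worth checking how neighbouring steps that touch global settings handle this.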
--- a/services/core/java/com/android/server/PersistentDataBlockService.java
+++ b/services/core/java/com/android/server/PersistentDataBlockService.java
@@ -26,6 +26,7 @@ import android.os.RemoteException;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.UserManager;
+import android.provider.Settings;
 import android.service.persistentdata.IPersistentDataBlockService;
 import android.service.persistentdata.PersistentDataBlockManager;
 import android.util.Slog;
@@ -437,11 +438,16 @@ public class PersistentDataBlockService extends SystemService {
 }
 @Override
- public void setOemUnlockEnabled(boolean enabled) {
+ public void setOemUnlockEnabled(boolean enabled) throws SecurityException {
 // do not allow monkey to flip the flag
 if (ActivityManager.isUserAMonkey()) {
 return;
 }
+ // Do not allow oem unlock modification if it has been disallowed.
+ if (Settings.Global.getInt(getContext().getContentResolver(),
+ Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1) {
+ throw new SecurityException("OEM unlock has been disallowed.");
+ }
 enforceOemUnlockPermission();
 enforceIsAdmin();
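Review bot: The new check in `setOemUnlockEnabled` fails open: `Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1` treats a missing or unexpected value as allowed, so losing or altering the key silently removes the restriction. Since the upgrade step in this commit inserts the key when upgrading from version 127, the read could default to disallowed instead, `Settings.Global.OEM_UNLOCK_DISALLOWED, 1) != 0) {`, provided that is acceptable on devices where the key was never written. The check also runs before `enforceOemUnlockPermission()` and `enforceIsAdmin()`, so a caller without the permission receives the "disallowed" message rather than a permission failure; moving it after the two enforce calls keeps the policy state from unprivileged callers. The added `throws SecurityException` is redundant for an unchecked exception, and the method body continues outside the hunk.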