From 49d53452e744f03593093f6588cea12a405f9ff5 Mon Sep 17 00:00:00 2001
From: Adrian Roos <roosa@google.com>
Date: Fri, 24 Oct 2014 15:48:39 +0200
Subject: [PATCH] Ensure trust agents are disabled in safe-mode

Bug: 18070351
Change-Id: I71c5441bb501bb0996b557519328eb0847f043cf
---
 .../server/trust/TrustManagerService.java        | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 1649535890138..65cb35b5a910f 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -122,11 +122,15 @@ public class TrustManagerService extends SystemService {
 
     @Override
     public void onBootPhase(int phase) {
-        if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY && !isSafeMode()) {
+        if (isSafeMode()) {
+            // No trust agents in safe mode.
+            return;
+        }
+        if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {
             mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);
             mReceiver.register(mContext);
             refreshAgentList(UserHandle.USER_ALL);
-        } else if (phase == SystemService.PHASE_BOOT_COMPLETED && !isSafeMode()) {
+        } else if (phase == SystemService.PHASE_BOOT_COMPLETED) {
             maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_OWNER);
         }
     }
@@ -174,6 +178,10 @@ public class TrustManagerService extends SystemService {
 
     void refreshAgentList(int userId) {
         if (DEBUG) Slog.d(TAG, "refreshAgentList()");
+        if (isSafeMode()) {
+            // Don't ever bind to trust agents in safe mode.
+            return;
+        }
         if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_OWNER) {
             Log.e(TAG, "refreshAgentList(userId=" + userId + "): Invalid user handle,"
                     + " must be USER_ALL or a specific user.", new Throwable("here"));
@@ -580,6 +588,10 @@ public class TrustManagerService extends SystemService {
         protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {
             mContext.enforceCallingPermission(Manifest.permission.DUMP,
                     "dumping TrustManagerService");
+            if (isSafeMode()) {
+                fout.println("disabled because the system is in safe mode.");
+                return;
+            }
             final UserInfo currentUser;
             final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
             try {