Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "RESTRICT AUTOMERGE: SettingsProvider: exclude secure_frp_mode from resets" into rvc-dev

Browse Source
This commit is contained in:
Eric Biggers
2023-08-08 00:52:09 +00:00
committed by Android (Google) Code Review
parent 52b9136358 f0f020c21f
commit c1aa2bb360
2 changed files with 38 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java
View File

@@ -2955,6 +2955,15 @@ public class SettingsProvider extends ContentProvider {
return settingsState.getSettingLocked(name); return settingsState.getSettingLocked(name);
} }
private boolean shouldExcludeSettingFromReset(Setting setting, String prefix) {
// If a prefix was specified, exclude settings whose names don't start with it.
if (prefix != null && !setting.getName().startsWith(prefix)) {
return true;
}
// Never reset SECURE_FRP_MODE, as it could be abused to bypass FRP via RescueParty.
return Secure.SECURE_FRP_MODE.equals(setting.getName());
}
public void resetSettingsLocked(int type, int userId, String packageName, int mode, public void resetSettingsLocked(int type, int userId, String packageName, int mode,
String tag) { String tag) {
resetSettingsLocked(type, userId, packageName, mode, tag, /*prefix=*/ resetSettingsLocked(type, userId, packageName, mode, tag, /*prefix=*/
@@ -2977,7 +2986,7 @@ public class SettingsProvider extends ContentProvider {
Setting setting = settingsState.getSettingLocked(name); Setting setting = settingsState.getSettingLocked(name);
if (packageName.equals(setting.getPackageName())) { if (packageName.equals(setting.getPackageName())) {
if ((tag != null && !tag.equals(setting.getTag())) if ((tag != null && !tag.equals(setting.getTag()))
|| (prefix != null && !setting.getName().startsWith(prefix))) { || shouldExcludeSettingFromReset(setting, prefix)) {
continue; continue;
} }
if (settingsState.resetSettingLocked(name)) { if (settingsState.resetSettingLocked(name)) {
@@ -2997,7 +3006,7 @@ public class SettingsProvider extends ContentProvider {
Setting setting = settingsState.getSettingLocked(name); Setting setting = settingsState.getSettingLocked(name);
if (!SettingsState.isSystemPackage(getContext(), if (!SettingsState.isSystemPackage(getContext(),
setting.getPackageName(), INVALID_UID, userId)) { setting.getPackageName(), INVALID_UID, userId)) {
if (prefix != null && !setting.getName().startsWith(prefix)) { if (shouldExcludeSettingFromReset(setting, prefix)) {
continue; continue;
} }
if (settingsState.resetSettingLocked(name)) { if (settingsState.resetSettingLocked(name)) {
@@ -3017,7 +3026,7 @@ public class SettingsProvider extends ContentProvider {
Setting setting = settingsState.getSettingLocked(name); Setting setting = settingsState.getSettingLocked(name);
if (!SettingsState.isSystemPackage(getContext(), if (!SettingsState.isSystemPackage(getContext(),
setting.getPackageName(), INVALID_UID, userId)) { setting.getPackageName(), INVALID_UID, userId)) {
if (prefix != null && !setting.getName().startsWith(prefix)) { if (shouldExcludeSettingFromReset(setting, prefix)) {
continue; continue;
} }
if (setting.isDefaultFromSystem()) { if (setting.isDefaultFromSystem()) {
@@ -3040,7 +3049,7 @@ public class SettingsProvider extends ContentProvider {
for (String name : settingsState.getSettingNamesLocked()) { for (String name : settingsState.getSettingNamesLocked()) {
Setting setting = settingsState.getSettingLocked(name); Setting setting = settingsState.getSettingLocked(name);
boolean someSettingChanged = false; boolean someSettingChanged = false;
if (prefix != null && !setting.getName().startsWith(prefix)) { if (shouldExcludeSettingFromReset(setting, prefix)) {
continue; continue;
} }
if (setting.isDefaultFromSystem()) { if (setting.isDefaultFromSystem()) {

25
packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java
View File

@@ -463,6 +463,31 @@ public class SettingsProviderTest extends BaseSettingsProviderTest {
} }
} }
// To prevent FRP bypasses, the SECURE_FRP_MODE setting should not be reset when all other
// settings are reset. But it should still be possible to explicitly set its value.
@Test
public void testSecureFrpModeSettingCannotBeReset() throws Exception {
final String name = Settings.Secure.SECURE_FRP_MODE;
final String origValue = getSetting(SETTING_TYPE_GLOBAL, name);
setSettingViaShell(SETTING_TYPE_GLOBAL, name, "1", false);
try {
assertEquals("1", getSetting(SETTING_TYPE_GLOBAL, name));
for (int type : new int[] { SETTING_TYPE_GLOBAL, SETTING_TYPE_SECURE }) {
resetSettingsViaShell(type, Settings.RESET_MODE_UNTRUSTED_DEFAULTS);
resetSettingsViaShell(type, Settings.RESET_MODE_UNTRUSTED_CHANGES);
resetSettingsViaShell(type, Settings.RESET_MODE_TRUSTED_DEFAULTS);
}
// The value should still be "1". It should not have been reset to null.
assertEquals("1", getSetting(SETTING_TYPE_GLOBAL, name));
// It should still be possible to explicitly set the value to "0".
setSettingViaShell(SETTING_TYPE_GLOBAL, name, "0", false);
assertEquals("0", getSetting(SETTING_TYPE_GLOBAL, name));
} finally {
setSettingViaShell(SETTING_TYPE_GLOBAL, name, origValue, false);
assertEquals(origValue, getSetting(SETTING_TYPE_GLOBAL, name));
}
}
private void doTestQueryStringInBracketsViaProviderApiForType(int type) { private void doTestQueryStringInBracketsViaProviderApiForType(int type) {
// Make sure we have a clean slate. // Make sure we have a clean slate.
deleteStringViaProviderApi(type, FAKE_SETTING_NAME); deleteStringViaProviderApi(type, FAKE_SETTING_NAME);