Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Check permission on clearPassword and other CryptKeeper APIs" into nyc-dev

Browse Source 
am: 1658fff3a9

* commit '1658fff3a92ce6ad13f41ce5faf7fcdfe3ca2673':
  Check permission on clearPassword and other CryptKeeper APIs

Change-Id: I03145596adfd67f016119408c95c6ba5f8f6b271
This commit is contained in:
Paul Lawrence
2016-04-29 14:50:05 +00:00
committed by android-build-merger
parent 01a3ddd116 1658fff3a9
commit da3d5afa2b
2 changed files with 21 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
services/core/java/com/android/server/LockSettingsService.java
View File

@@ -1281,8 +1281,14 @@ public class LockSettingsService extends ILockSettings.Stub {
// service can't connect to vold, it restarts, and then the new instance // service can't connect to vold, it restarts, and then the new instance
// does successfully connect. // does successfully connect.
final IMountService service = getMountService(); final IMountService service = getMountService();
String password = service.getPassword(); String password;
service.clearPassword(); long identity = Binder.clearCallingIdentity();
try {
password = service.getPassword();
service.clearPassword();
} finally {
Binder.restoreCallingIdentity(identity);
}
if (password == null) { if (password == null) {
return false; return false;
} }

14
services/core/java/com/android/server/MountService.java
View File

@@ -2648,6 +2648,8 @@ class MountService extends IMountService.Stub
*/ */
@Override @Override
public int getPasswordType() { public int getPasswordType() {
mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
"no permission to access the crypt keeper");
waitForReady(); waitForReady();
@@ -2672,6 +2674,8 @@ class MountService extends IMountService.Stub
*/ */
@Override @Override
public void setField(String field, String contents) throws RemoteException { public void setField(String field, String contents) throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
"no permission to access the crypt keeper");
waitForReady(); waitForReady();
@@ -2690,6 +2694,8 @@ class MountService extends IMountService.Stub
*/ */
@Override @Override
public String getField(String field) throws RemoteException { public String getField(String field) throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
"no permission to access the crypt keeper");
waitForReady(); waitForReady();
@@ -2714,6 +2720,8 @@ class MountService extends IMountService.Stub
*/ */
@Override @Override
public boolean isConvertibleToFBE() throws RemoteException { public boolean isConvertibleToFBE() throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
"no permission to access the crypt keeper");
waitForReady(); waitForReady();
@@ -2728,8 +2736,9 @@ class MountService extends IMountService.Stub
@Override @Override
public String getPassword() throws RemoteException { public String getPassword() throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE, mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
"only keyguard can retrieve password"); "only keyguard can retrieve password");
if (!isReady()) { if (!isReady()) {
return new String(); return new String();
} }
@@ -2752,6 +2761,9 @@ class MountService extends IMountService.Stub
@Override @Override
public void clearPassword() throws RemoteException { public void clearPassword() throws RemoteException {
mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,
"only keyguard can clear password");
if (!isReady()) { if (!isReady()) {
return; return;
} }