Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1a5b76c9 authored by Andrew Scull's avatar Andrew Scull
Browse files

Skip user restriction tests when synchronizing PDB 

Some legacy user restrictions are tests when update the OEM lock bit in
the persistent data block. Those tests should be skipped when
synchronising the bit to the HAl's authoritative state. Before this
change, opening developer options on a freshly flashed and wipe device
would raise a SecurityException.

Test: Open developer options on a device using the vendor lock
Change-Id: I1481c9e9af3c4d2127ef606a797d3cf94b7b1ee5
parent eb3442cf

services/core/java/com/android/server/PersistentDataBlockManagerInternal.java

+3 −0
Original line number Diff line number Diff line
@@ -26,4 +26,7 @@ public interface PersistentDataBlockManagerInternal { 


    /** Retrieves handle to a lockscreen credential to be used for Factory Reset Protection. */

    byte[] getFrpCredentialHandle();



    /** Update the OEM unlock enabled bit, bypassing user restriction checks. */

    void forceOemUnlockEnabled(boolean enabled);

}

services/core/java/com/android/server/PersistentDataBlockService.java

+8 −0
Original line number Diff line number Diff line
@@ -668,5 +668,13 @@ public class PersistentDataBlockService extends SystemService { 
                IoUtils.closeQuietly(inputStream);

            }

        }



        @Override

        public void forceOemUnlockEnabled(boolean enabled) {

            synchronized (mLock) {

                doSetOemUnlockEnabledLocked(enabled);

                computeAndWriteDigestLocked();

            }

        }

    };

}

services/core/java/com/android/server/oemlock/OemLockService.java

+5 −6
Original line number Diff line number Diff line
@@ -31,10 +31,10 @@ import android.os.UserManager; 
import android.os.UserManagerInternal;

import android.os.UserManagerInternal.UserRestrictionsListener;

import android.service.oemlock.IOemLockService;

import android.service.persistentdata.PersistentDataBlockManager;

import android.util.Slog;



import com.android.server.LocalServices;

import com.android.server.PersistentDataBlockManagerInternal;

import com.android.server.SystemService;

import com.android.server.pm.UserRestrictionsUtils;
@@ -217,13 +217,12 @@ public class OemLockService extends SystemService { 
     * is used to erase FRP information on a unlockable device.

     */

    private void setPersistentDataBlockOemUnlockAllowedBit(boolean allowed) {

        final PersistentDataBlockManager pdbm = (PersistentDataBlockManager)

                mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);

        final PersistentDataBlockManagerInternal pdbmi

                = LocalServices.getService(PersistentDataBlockManagerInternal.class);

        // if mOemLock is PersistentDataBlockLock, then the bit should have already been set

        if (pdbm != null && !(mOemLock instanceof PersistentDataBlockLock)

                && pdbm.getOemUnlockEnabled() != allowed) {

        if (pdbmi != null && !(mOemLock instanceof PersistentDataBlockLock)) {

            Slog.i(TAG, "Update OEM Unlock bit in pst partition to " + allowed);

            pdbm.setOemUnlockEnabled(allowed);

            pdbmi.forceOemUnlockEnabled(allowed);

        }

    }