Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3b8b46f3 authored by Andrew Scull's avatar Andrew Scull
Browse files

Service for OEM lock management. 

The new service separates OEM lock management from the implementation.
Currently, a user restriction (DISALLOW_OEM_UNLOCK) and the persistent
data block have been used to implement OEM lock management. In future,
other implemention will be used e.g. a secure element.

The new API also allows for a signature to be passed when changing
whether the device is allowed to be OEM unlocked by the carrier which
can be used for cryptographic protection of the flag.

Bug: 34766843
Test: gts-tradefed run gts -m GtsOemLockServiceTestCases -t com.google.android.oemlock.gts.OemLockServiceTest
Test: cts-tradefed run cts -m CtsPermission2TestCases -t android.permission2.cts.PrivappPermissionsTest
Change-Id: I01660d7605d297f273d43436ca03d64ff611b6cf
parent ef3a28cb

Android.mk

+1 −0
Original line number Diff line number Diff line
@@ -308,6 +308,7 @@ LOCAL_SRC_FILES += \ 
	core/java/android/companion/IFindDeviceCallback.aidl \

	core/java/android/service/dreams/IDreamManager.aidl \

	core/java/android/service/dreams/IDreamService.aidl \

	core/java/android/service/oemlock/IOemLockService.aidl \

	core/java/android/service/persistentdata/IPersistentDataBlockService.aidl \

	core/java/android/service/trust/ITrustAgentService.aidl \

	core/java/android/service/trust/ITrustAgentServiceCallback.aidl \

api/system-current.txt

+17 −3
Original line number Diff line number Diff line
@@ -141,12 +141,14 @@ package android { 
    field public static final java.lang.String MANAGE_APP_OPS_RESTRICTIONS = "android.permission.MANAGE_APP_OPS_RESTRICTIONS";

    field public static final java.lang.String MANAGE_APP_TOKENS = "android.permission.MANAGE_APP_TOKENS";

    field public static final java.lang.String MANAGE_AUTO_FILL = "android.permission.MANAGE_AUTO_FILL";

    field public static final java.lang.String MANAGE_CARRIER_OEM_UNLOCK_STATE = "android.permission.MANAGE_CARRIER_OEM_UNLOCK_STATE";

    field public static final java.lang.String MANAGE_CA_CERTIFICATES = "android.permission.MANAGE_CA_CERTIFICATES";

    field public static final java.lang.String MANAGE_DEVICE_ADMINS = "android.permission.MANAGE_DEVICE_ADMINS";

    field public static final java.lang.String MANAGE_DOCUMENTS = "android.permission.MANAGE_DOCUMENTS";

    field public static final java.lang.String MANAGE_OWN_CALLS = "android.permission.MANAGE_OWN_CALLS";

    field public static final java.lang.String MANAGE_USB = "android.permission.MANAGE_USB";

    field public static final java.lang.String MANAGE_USERS = "android.permission.MANAGE_USERS";

    field public static final java.lang.String MANAGE_USER_OEM_UNLOCK_STATE = "android.permission.MANAGE_USER_OEM_UNLOCK_STATE";

    field public static final java.lang.String MASTER_CLEAR = "android.permission.MASTER_CLEAR";

    field public static final java.lang.String MEDIA_CONTENT_CONTROL = "android.permission.MEDIA_CONTENT_CONTROL";

    field public static final java.lang.String MODIFY_APPWIDGET_BIND_PERMISSIONS = "android.permission.MODIFY_APPWIDGET_BIND_PERMISSIONS";
@@ -9401,6 +9403,7 @@ package android.content { 
    field public static final java.lang.String NFC_SERVICE = "nfc";

    field public static final java.lang.String NOTIFICATION_SERVICE = "notification";

    field public static final java.lang.String NSD_SERVICE = "servicediscovery";

    field public static final java.lang.String OEM_LOCK_SERVICE = "oem_lock";

    field public static final java.lang.String PERSISTENT_DATA_BLOCK_SERVICE = "persistent_data_block";

    field public static final java.lang.String POWER_SERVICE = "power";

    field public static final java.lang.String PRINT_SERVICE = "print";
@@ -34483,7 +34486,7 @@ package android.os { 
    field public static final java.lang.String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts";

    field public static final java.lang.String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media";

    field public static final java.lang.String DISALLOW_NETWORK_RESET = "no_network_reset";

    field public static final java.lang.String DISALLOW_OEM_UNLOCK = "no_oem_unlock";

    field public static final deprecated java.lang.String DISALLOW_OEM_UNLOCK = "no_oem_unlock";

    field public static final java.lang.String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam";

    field public static final java.lang.String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls";

    field public static final java.lang.String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile";
@@ -40376,15 +40379,26 @@ package android.service.notification { 














}



























package android.service.oemlock {

























  public class OemLockManager {













    method public boolean isOemUnlockAllowedByCarrier();













    method public boolean isOemUnlockAllowedByUser();













    method public void setOemUnlockAllowedByCarrier(boolean, byte[]);













    method public void setOemUnlockAllowedByUser(boolean);













  }

























}



























package android.service.persistentdata {





























  public class PersistentDataBlockManager {















    method public int getDataBlockSize();















    method public int getFlashLockState();















    method public long getMaximumDataBlockSize();













    method public boolean getOemUnlockEnabled();













    method public deprecated boolean getOemUnlockEnabled();















    method public byte[] read();













    method public void setOemUnlockEnabled(boolean);













    method public deprecated void setOemUnlockEnabled(boolean);















    method public void wipe();















    method public int write(byte[]);















    field public static final int FLASH_LOCK_LOCKED = 1; // 0x1

























core/java/android/app/SystemServiceRegistry.java



+16
−0




























Original line number
Diff line number
Diff line








@@ -118,6 +118,8 @@ import android.print.IPrintManager;













import android.print.PrintManager;















import android.view.autofill.AutofillManager;















import android.view.autofill.IAutoFillManager;













import android.service.oemlock.IOemLockService;













import android.service.oemlock.OemLockManager;















import android.service.persistentdata.IPersistentDataBlockService;















import android.service.persistentdata.PersistentDataBlockManager;















import android.service.vr.IVrManager;










@@ -741,6 +743,20 @@ final class SystemServiceRegistry {













                }















            }});





























        registerService(Context.OEM_LOCK_SERVICE, OemLockManager.class,













                new StaticServiceFetcher<OemLockManager>() {













            @Override













            public OemLockManager createService() throws ServiceNotFoundException {













                IBinder b = ServiceManager.getServiceOrThrow(Context.OEM_LOCK_SERVICE);













                IOemLockService oemLockService = IOemLockService.Stub.asInterface(b);













                if (oemLockService != null) {













                    return new OemLockManager(oemLockService);













                } else {













                    // not supported













                    return null;













                }













            }});





























        registerService(Context.MEDIA_PROJECTION_SERVICE, MediaProjectionManager.class,















                new CachedServiceFetcher<MediaProjectionManager>() {















            @Override

































core/java/android/content/Context.java



+12
−0




























Original line number
Diff line number
Diff line








@@ -2872,6 +2872,7 @@ public abstract class Context {













            BATTERY_SERVICE,















            JOB_SCHEDULER_SERVICE,















            //@hide: PERSISTENT_DATA_BLOCK_SERVICE,













            //@hide: OEM_LOCK_SERVICE,















            MEDIA_PROJECTION_SERVICE,















            MIDI_SERVICE,















            RADIO_SERVICE,










@@ -3792,6 +3793,17 @@ public abstract class Context {













    @SystemApi















    public static final String PERSISTENT_DATA_BLOCK_SERVICE = "persistent_data_block";





























    /**













     * Use with {@link #getSystemService} to retrieve a {@link













     * android.service.oemlock.OemLockManager} instance for managing the OEM lock.













     *













     * @see #getSystemService













     * @see android.service.oemlock.OemLockManager













     * @hide













     */













    @SystemApi













    public static final String OEM_LOCK_SERVICE = "oem_lock";





























    /**















     * Use with {@link #getSystemService} to retrieve a {@link















     * android.media.projection.MediaProjectionManager} instance for managing

































core/java/android/os/UserManager.java



+2
−0




























Original line number
Diff line number
Diff line








@@ -682,8 +682,10 @@ public class UserManager {













     * @see DevicePolicyManager#addUserRestriction(ComponentName, String)















     * @see DevicePolicyManager#clearUserRestriction(ComponentName, String)















     * @see #getUserRestrictions()













     * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead.















     * @hide















     */













    @Deprecated















    @SystemApi















    public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock";