
Commit 48ee13b6 authored by Your Name's avatar Your Name Committed by Jacob Hobbie

Fixing an Active Unlock security vulnerability.

Now if the trustagent dies within 15 seconds of granting renewable
trust, we will lock the phone.

BUG: 258241999
Test: manually tested
Change-Id: I69057288a9bc76ffa90192c6f6531346fe815d91
parent 14a97df1
+21 −1
@@ -107,6 +107,7 @@ public class TrustAgentWrapper {
    // Trust state
    private boolean mTrusted;
    private boolean mWaitingForTrustableDowngrade = false;
    private boolean mWithinSecurityLockdownWindow = false;
    private boolean mTrustable;
    private CharSequence mMessage;
    private boolean mDisplayTrustGrantedMessage;
@@ -160,6 +161,7 @@ public class TrustAgentWrapper {
                    mDisplayTrustGrantedMessage = (flags & FLAG_GRANT_TRUST_DISPLAY_MESSAGE) != 0;
                    if ((flags & FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) != 0) {
                        mWaitingForTrustableDowngrade = true;
                        setSecurityWindowTimer();
                    } else {
                        mWaitingForTrustableDowngrade = false;
                    }
@@ -452,6 +454,9 @@ public class TrustAgentWrapper {
            if (mBound) {
                scheduleRestart();
            }
            if (mWithinSecurityLockdownWindow) {
                mTrustManagerService.lockUser(mUserId);
            }
            // mTrustDisabledByDpm maintains state
        }
    };
@@ -673,6 +678,22 @@ public class TrustAgentWrapper {
        }
    }

    private void setSecurityWindowTimer() {
        mWithinSecurityLockdownWindow = true;
        long expiration = SystemClock.elapsedRealtime() + (15 * 1000); // timer for 15 seconds
        mAlarmManager.setExact(
                AlarmManager.ELAPSED_REALTIME_WAKEUP,
                expiration,
                TAG,
                new AlarmManager.OnAlarmListener() {
                    @Override
                    public void onAlarm() {
                        mWithinSecurityLockdownWindow = false;
                    }
                },
                Handler.getMain());
    }

    public boolean isManagingTrust() {
        return mManagingTrust && !mTrustDisabledByDpm;
    }
@@ -691,7 +712,6 @@ public class TrustAgentWrapper {

    public void destroy() {
        mHandler.removeMessages(MSG_RESTART_TIMEOUT);

        if (!mBound) {
            return;
        }
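Review bot: In `setSecurityWindowTimer()` (hunk at -673) each renewable grant arms a new anonymous `OnAlarmListener` and nothing cancels the earlier one, so if trust is renewed inside the 15-second window the first alarm still fires and clears `mWithinSecurityLockdownWindow` while the later window should remain open; an agent death after that point no longer reaches `lockUser` in the hunk at -452. Keeping a deadline instead of a boolean removes the stale callback and the wakeup alarm (field and constant names here are suggestions): `mSecurityWindowDeadline = SystemClock.elapsedRealtime() + SECURITY_WINDOW_MS;` on grant, and `if (SystemClock.elapsedRealtime() < mSecurityWindowDeadline)` before `lockUser`. Neither the flag nor the alarm is reset on any revoke or `destroy()` path visible in these hunks, and the commit message lists only manual testing, so a test that kills the agent before and after the window, and after a renewal, would be worth adding. The grant handler and the connection callback both start outside the hunks, so which thread writes the new field could not be checked here.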