Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 63fb5f11 authored by Rubin Xu's avatar Rubin Xu Committed by Automerger Merge Worker
Browse files

Merge "Only enforce secure FRP mode when in setup wizard" into rvc-dev am:... 

Merge "Only enforce secure FRP mode when in setup wizard" into rvc-dev am: c8983dbe am: 2e36e290

Change-Id: I3380a5a018d1ea8aa498e27ea9914cde6cd757aa
parents 12fd59e7 2e36e290

services/core/java/com/android/server/locksettings/LockSettingsService.java

+8 −3
Original line number Diff line number Diff line
@@ -1016,9 +1016,14 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    private void enforceFrpResolved() {

        if (mInjector.settingsSecureGetInt(mContext.getContentResolver(),

                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) {

            throw new SecurityException("Cannot change credential while FRP is not resolved yet");

        final ContentResolver cr = mContext.getContentResolver();

        final boolean inSetupWizard = mInjector.settingsSecureGetInt(cr,

                Settings.Secure.USER_SETUP_COMPLETE, 0, UserHandle.USER_SYSTEM) == 0;

        final boolean secureFrp = mInjector.settingsSecureGetInt(cr,

                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1;

        if (inSetupWizard && secureFrp) {

            throw new SecurityException("Cannot change credential in SUW while factory reset"

                    + " protection is not resolved yet");

        }

    }

services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java

+9 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ public class FakeSettings { 


    private int mDeviceProvisioned;

    private int mSecureFrpMode;

    private int mUserSetupComplete;



    public void setDeviceProvisioned(boolean provisioned) {

        mDeviceProvisioned = provisioned ? 1 : 0;
@@ -32,6 +33,10 @@ public class FakeSettings { 
        mSecureFrpMode = secure ? 1 : 0;

    }



    public void setUserSetupComplete(boolean complete) {

        mUserSetupComplete = complete ? 1 : 0;

    }



    public int globalGetInt(String keyName) {

        switch (keyName) {

            case Settings.Global.DEVICE_PROVISIONED:
@@ -46,6 +51,10 @@ public class FakeSettings { 
        if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) {

            return mSecureFrpMode;

        }

        if (Settings.Secure.USER_SETUP_COMPLETE.equals(keyName)

                && userId == UserHandle.USER_SYSTEM) {

            return mUserSetupComplete;

        }

        return defaultValue;

    }

}

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java

+10 −1
Original line number Diff line number Diff line
@@ -417,7 +417,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    public void testCredentialChangeNotPossibleInSecureFrpMode() {

    public void testCredentialChangeNotPossibleInSecureFrpModeDuringSuw() {

        mSettings.setUserSetupComplete(false);

        mSettings.setSecureFrpMode(true);

        try {

            mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID);
@@ -425,6 +426,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        } catch (SecurityException e) { }

    }



    @Test

    public void testCredentialChangePossibleInSecureFrpModeAfterSuw() {

        mSettings.setUserSetupComplete(true);

        mSettings.setSecureFrpMode(true);

        assertTrue(mService.setLockCredential(newPassword("1234"), nonePassword(),

                PRIMARY_USER_ID));

    }



    private void testCreateCredential(int userId, LockscreenCredential credential)

            throws RemoteException {

        assertTrue(mService.setLockCredential(credential, nonePassword(), userId));