Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7f405f17 authored by Ricky Wai's avatar Ricky Wai
Browse files

Add permission checking on service calls in LockSettingsService 

Bug: 28941207
Change-Id: I113db10bb57f250d44361a0a5144a7d1c990ba4d
parent fc713096

services/core/java/com/android/server/LockSettingsService.java

+6 −4
Original line number Original line Diff line number Diff line
@@ -617,6 +617,7 @@ public class LockSettingsService extends ILockSettings.Stub { 




    @Override

    @Override

    public boolean getSeparateProfileChallengeEnabled(int userId) throws RemoteException {

    public boolean getSeparateProfileChallengeEnabled(int userId) throws RemoteException {

        checkReadPermission(SEPARATE_PROFILE_CHALLENGE_KEY, userId);

        synchronized (mSeparateChallengeLock) {

        synchronized (mSeparateChallengeLock) {

            return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userId);

            return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userId);

        }

        }
@@ -625,6 +626,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
    @Override

    @Override

    public void setSeparateProfileChallengeEnabled(int userId, boolean enabled,

    public void setSeparateProfileChallengeEnabled(int userId, boolean enabled,

            String managedUserPassword) throws RemoteException {

            String managedUserPassword) throws RemoteException {

        checkWritePermission(userId);

        synchronized (mSeparateChallengeLock) {

        synchronized (mSeparateChallengeLock) {

            setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userId);

            setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userId);

            if (enabled) {

            if (enabled) {
@@ -672,7 +674,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
    @Override

    @Override

    public long getLong(String key, long defaultValue, int userId) throws RemoteException {

    public long getLong(String key, long defaultValue, int userId) throws RemoteException {

        checkReadPermission(key, userId);

        checkReadPermission(key, userId);



        String value = getStringUnchecked(key, null, userId);

        String value = getStringUnchecked(key, null, userId);

        return TextUtils.isEmpty(value) ? defaultValue : Long.parseLong(value);

        return TextUtils.isEmpty(value) ? defaultValue : Long.parseLong(value);

    }

    }
@@ -680,7 +681,6 @@ public class LockSettingsService extends ILockSettings.Stub { 
    @Override

    @Override

    public String getString(String key, String defaultValue, int userId) throws RemoteException {

    public String getString(String key, String defaultValue, int userId) throws RemoteException {

        checkReadPermission(key, userId);

        checkReadPermission(key, userId);



        return getStringUnchecked(key, defaultValue, userId);

        return getStringUnchecked(key, defaultValue, userId);

    }

    }
@@ -899,7 +899,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }

        }

    }

    }





    public void setLockPatternInternal(String pattern, String savedCredential, int userId)

    private void setLockPatternInternal(String pattern, String savedCredential, int userId)

            throws RemoteException {

            throws RemoteException {

        byte[] currentHandle = getCurrentHandle(userId);

        byte[] currentHandle = getCurrentHandle(userId);
@@ -962,7 +962,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
        }

        }

    }

    }





    public void setLockPasswordInternal(String password, String savedCredential, int userId)

    private void setLockPasswordInternal(String password, String savedCredential, int userId)

            throws RemoteException {

            throws RemoteException {

        byte[] currentHandle = getCurrentHandle(userId);

        byte[] currentHandle = getCurrentHandle(userId);

        if (password == null) {

        if (password == null) {
@@ -1150,6 +1150,7 @@ public class LockSettingsService extends ILockSettings.Stub { 




    @Override

    @Override

    public void resetKeyStore(int userId) throws RemoteException {

    public void resetKeyStore(int userId) throws RemoteException {

        checkWritePermission(userId);

        if (DEBUG) Slog.v(TAG, "Reset keystore for user: " + userId);

        if (DEBUG) Slog.v(TAG, "Reset keystore for user: " + userId);

        int managedUserId = -1;

        int managedUserId = -1;

        String managedUserDecryptedPassword = null;

        String managedUserDecryptedPassword = null;
@@ -1552,6 +1553,7 @@ public class LockSettingsService extends ILockSettings.Stub { 
            LockPatternUtils.LOCK_PASSWORD_SALT_KEY,

            LockPatternUtils.LOCK_PASSWORD_SALT_KEY,

            LockPatternUtils.PASSWORD_HISTORY_KEY,

            LockPatternUtils.PASSWORD_HISTORY_KEY,

            LockPatternUtils.PASSWORD_TYPE_KEY,

            LockPatternUtils.PASSWORD_TYPE_KEY,

            SEPARATE_PROFILE_CHALLENGE_KEY

    };

    };





    private static final String[] SETTINGS_TO_BACKUP = new String[] {

    private static final String[] SETTINGS_TO_BACKUP = new String[] {