Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 98991269 authored by Eric Biggers's avatar Eric Biggers
Browse files

TrustManagerService: clear calling identity in isTrustUsuallyManaged() 

Since LockPatternUtils.isTrustUsuallyManaged() now requires the
ACCESS_KEYGUARD_SECURE_STORAGE permission (via its use of
ILockSettings.getBoolean()), TrustManagerService.isTrustUsuallyManaged()
should clear the calling identity after checking for the TRUST_LISTENER
permission.  Otherwise it starts requiring the
ACCESS_KEYGUARD_SECURE_STORAGE permission as well.

Found by code review when re-checking the specific scenario reported in
b/156606120.  Note that this is a hidden API and its only callers have
the ACCESS_KEYGUARD_SECURE_STORAGE permission already, so it shouldn't
actually cause a problem to start requiring it.  I'm just making this
change to preserve the intent of this API.

Bug: 156606120
Bug: 256170784
Change-Id: I51a6142bdb7ac092ffad92cde5798ed2aa05a233
parent 19ed4261

services/core/java/com/android/server/trust/TrustManagerService.java

+6 −2
Original line number Diff line number Diff line
@@ -1760,8 +1760,12 @@ public class TrustManagerService extends SystemService { 
        @Override

        public boolean isTrustUsuallyManaged(int userId) {

            super.isTrustUsuallyManaged_enforcePermission();



            final long identity = Binder.clearCallingIdentity();

            try {

                return isTrustUsuallyManagedInternal(userId);

            } finally {

                Binder.restoreCallingIdentity(identity);

            }

        }



        @Override