Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9959cc87 authored by Paul Lawrence's avatar Paul Lawrence Committed by android-build-merger
Browse files

Merge "Check permission on clearPassword and other CryptKeeper APIs" into nyc-dev 

am: 1658fff3

* commit '1658fff3':
  Check permission on clearPassword and other CryptKeeper APIs

Change-Id: Iee6132f112991a8486b7c77d22a8f72f8705a657
parents 7e2e50ce 1658fff3

services/core/java/com/android/server/LockSettingsService.java

+8 −2
Original line number Diff line number Diff line
@@ -1281,8 +1281,14 @@ public class LockSettingsService extends ILockSettings.Stub { 
        // service can't connect to vold, it restarts, and then the new instance

        // does successfully connect.

        final IMountService service = getMountService();

        String password = service.getPassword();

        String password;

        long identity = Binder.clearCallingIdentity();

        try {

            password = service.getPassword();

            service.clearPassword();

        } finally {

            Binder.restoreCallingIdentity(identity);

        }

        if (password == null) {

            return false;

        }

services/core/java/com/android/server/MountService.java

+13 −1
Original line number Diff line number Diff line
@@ -2648,6 +2648,8 @@ class MountService extends IMountService.Stub 
     */

    @Override

    public int getPasswordType() {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,

            "no permission to access the crypt keeper");



        waitForReady();
@@ -2672,6 +2674,8 @@ class MountService extends IMountService.Stub 
     */

    @Override

    public void setField(String field, String contents) throws RemoteException {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,

            "no permission to access the crypt keeper");



        waitForReady();
@@ -2690,6 +2694,8 @@ class MountService extends IMountService.Stub 
     */

    @Override

    public String getField(String field) throws RemoteException {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,

            "no permission to access the crypt keeper");



        waitForReady();
@@ -2714,6 +2720,8 @@ class MountService extends IMountService.Stub 
     */

    @Override

    public boolean isConvertibleToFBE() throws RemoteException {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,

            "no permission to access the crypt keeper");



        waitForReady();
@@ -2728,8 +2736,9 @@ class MountService extends IMountService.Stub 


    @Override

    public String getPassword() throws RemoteException {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE,

        mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,

                "only keyguard can retrieve password");



        if (!isReady()) {

            return new String();

        }
@@ -2752,6 +2761,9 @@ class MountService extends IMountService.Stub 


    @Override

    public void clearPassword() throws RemoteException {

        mContext.enforceCallingOrSelfPermission(Manifest.permission.STORAGE_INTERNAL,

                "only keyguard can clear password");



        if (!isReady()) {

            return;

        }