Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b21751b2 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Switch FRP check to the new trustworthy source 

Previously, FRP state is stored in a setting. It isn't trustworthy
because once an attacker escape from SUW, they can enable adb shell to
override the value.

In V, we revamped FRP. This change switches the check against the new
API.

Bug: 328802636
Test: adb shell cmd persistent_data_block activate
      # Install APK from AOSP Files app failed
Test: adb shell cmd persistent_data_block auto_deactivate
      # Install APK from AOSP Files app succeeded
Change-Id: I404ff769a5158a967539722235e3a7dd269d6e1c
parent 742f7de4

services/core/java/com/android/server/pm/PackageInstallerSession.java

+16 −2
Original line number Diff line number Diff line
@@ -148,6 +148,7 @@ import android.os.incremental.V4Signature; 
import android.os.storage.StorageManager;

import android.provider.DeviceConfig;

import android.provider.Settings.Global;

import android.service.persistentdata.PersistentDataBlockManager;

import android.stats.devicepolicy.DevicePolicyEnums;

import android.system.ErrnoException;

import android.system.Int64Ref;
@@ -2355,8 +2356,21 @@ public class PackageInstallerSession extends IPackageInstallerSession.Stub { 
            assertPreparedAndNotDestroyedLocked("commit of session " + sessionId);

            assertNoWriteFileTransfersOpenLocked();



            final boolean isSecureFrpEnabled =

                    Global.getInt(mContext.getContentResolver(), Global.SECURE_FRP_MODE, 0) == 1;

            boolean isSecureFrpEnabled;

            if (android.security.Flags.frpEnforcement()) {

                PersistentDataBlockManager pdbManager =

                        mContext.getSystemService(PersistentDataBlockManager.class);

                if (pdbManager == null) {

                    // Some devices may not support FRP. In that case, we can't block the install

                    // accordingly.

                    isSecureFrpEnabled = false;

                } else {

                    isSecureFrpEnabled = pdbManager.isFactoryResetProtectionActive();

                }

            } else {

                isSecureFrpEnabled = Global.getInt(mContext.getContentResolver(),

                        Global.SECURE_FRP_MODE, 0) == 1;

            }



            if (isSecureFrpEnabled

                    && !isSecureFrpInstallAllowed(mContext, Binder.getCallingUid())) {