Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b61f54c5 authored by Jacob Hobbie's avatar Jacob Hobbie Committed by Automerger Merge Worker
Browse files

Merge "Fixing an Active Unlock security vulnerability." into tm-qpr-dev am: 738f874e 

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/20513670



Change-Id: Iea014b8fba2e894bb615420f27aa4ab21fe0ec39
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 5d391fa6 738f874e

services/core/java/com/android/server/trust/TrustAgentWrapper.java

+21 −1
Original line number Diff line number Diff line
@@ -107,6 +107,7 @@ public class TrustAgentWrapper { 
    // Trust state

    private boolean mTrusted;

    private boolean mWaitingForTrustableDowngrade = false;

    private boolean mWithinSecurityLockdownWindow = false;

    private boolean mTrustable;

    private CharSequence mMessage;

    private boolean mDisplayTrustGrantedMessage;
@@ -160,6 +161,7 @@ public class TrustAgentWrapper { 
                    mDisplayTrustGrantedMessage = (flags & FLAG_GRANT_TRUST_DISPLAY_MESSAGE) != 0;

                    if ((flags & FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) != 0) {

                        mWaitingForTrustableDowngrade = true;

                        setSecurityWindowTimer();

                    } else {

                        mWaitingForTrustableDowngrade = false;

                    }
@@ -452,6 +454,9 @@ public class TrustAgentWrapper { 
            if (mBound) {

                scheduleRestart();

            }

            if (mWithinSecurityLockdownWindow) {

                mTrustManagerService.lockUser(mUserId);

            }

            // mTrustDisabledByDpm maintains state

        }

    };
@@ -673,6 +678,22 @@ public class TrustAgentWrapper { 
        }

    }



    private void setSecurityWindowTimer() {

        mWithinSecurityLockdownWindow = true;

        long expiration = SystemClock.elapsedRealtime() + (15 * 1000); // timer for 15 seconds

        mAlarmManager.setExact(

                AlarmManager.ELAPSED_REALTIME_WAKEUP,

                expiration,

                TAG,

                new AlarmManager.OnAlarmListener() {

                    @Override

                    public void onAlarm() {

                        mWithinSecurityLockdownWindow = false;

                    }

                },

                Handler.getMain());

    }



    public boolean isManagingTrust() {

        return mManagingTrust && !mTrustDisabledByDpm;

    }
@@ -691,7 +712,6 @@ public class TrustAgentWrapper { 


    public void destroy() {

        mHandler.removeMessages(MSG_RESTART_TIMEOUT);



        if (!mBound) {

            return;

        }