
Commit be20495f authored by Yo Chiang's avatar Yo Chiang

Key revocation check is permissive when device is unlocked

imageValidationThrowOrWarning() logs the error as a warning if the device
bootloader is unlocked; otherwise it re-throws the error.
The device lock state is queried via the PersistentDataBlockManager service.

Bug: 128892201
Test: adb shell am start-activity \
    -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
    -a android.os.image.action.START_INSTALL \
    --el KEY_USERDATA_SIZE 8192 \
    -d file:///storage/emulated/0/Download/aosp_arm64-dsu_test.zip \
    --es ${IMAGE_KEY}
Test: Observe the logcat
Change-Id: I895e70d90624afda2bf7cd3b34ea8d21a1702163
parent 3bdf29c1
+1 −0
@@ -377,6 +377,7 @@ applications that come with the platform
    <privapp-permissions package="com.android.dynsystem">
        <permission name="android.permission.REBOOT"/>
        <permission name="android.permission.MANAGE_DYNAMIC_SYSTEM"/>
        <permission name="android.permission.READ_OEM_UNLOCK_STATE"/>
    </privapp-permissions>

    <privapp-permissions package="com.android.settings">
+1 −0
@@ -7,6 +7,7 @@
    <uses-permission android:name="android.permission.MANAGE_DYNAMIC_SYSTEM" />
    <uses-permission android:name="android.permission.REBOOT" />
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
    <uses-permission android:name="android.permission.READ_OEM_UNLOCK_STATE" />

    <application
        android:allowBackup="false"
+14 −5
@@ -23,6 +23,7 @@ import android.os.AsyncTask;
import android.os.MemoryFile;
import android.os.ParcelFileDescriptor;
import android.os.image.DynamicSystemManager;
import android.service.persistentdata.PersistentDataBlockManager;
import android.util.Log;
import android.webkit.URLUtil;

@@ -133,6 +134,7 @@ class InstallationAsyncTask extends AsyncTask<String, InstallationAsyncTask.Prog
    private final DynamicSystemManager mDynSystem;
    private final ProgressListener mListener;
    private final boolean mIsNetworkUrl;
    private final boolean mIsDeviceBootloaderUnlocked;
    private DynamicSystemManager.Session mInstallationSession;
    private KeyRevocationList mKeyRevocationList;

@@ -160,6 +162,13 @@ class InstallationAsyncTask extends AsyncTask<String, InstallationAsyncTask.Prog
        mDynSystem = dynSystem;
        mListener = listener;
        mIsNetworkUrl = URLUtil.isNetworkUrl(mUrl);
        PersistentDataBlockManager pdbManager =
                (PersistentDataBlockManager)
                        mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
        mIsDeviceBootloaderUnlocked =
                (pdbManager != null)
                        && (pdbManager.getFlashLockState()
                                == PersistentDataBlockManager.FLASH_LOCK_UNLOCKED);
    }

    @Override
@@ -272,7 +281,6 @@ class InstallationAsyncTask extends AsyncTask<String, InstallationAsyncTask.Prog
                    String.format(Locale.US, "Unsupported URL: %s", mUrl));
        }

        // TODO(yochiang): Bypass this check if device is unlocked
        try {
            String listUrl = mContext.getString(R.string.key_revocation_list_url);
            mKeyRevocationList = KeyRevocationList.fromUrl(new URL(listUrl));
@@ -287,11 +295,12 @@ class InstallationAsyncTask extends AsyncTask<String, InstallationAsyncTask.Prog

    private void imageValidationThrowOrWarning(ImageValidationException e)
            throws ImageValidationException {
        if (mIsNetworkUrl) {
            throw e;
        } else {
            // If DSU is being installed from a local file URI, then be permissive
        if (mIsDeviceBootloaderUnlocked || !mIsNetworkUrl) {
            // If device is OEM unlocked or DSU is being installed from a local file URI,
            // then be permissive.
            Log.w(TAG, e.toString());
        } else {
            throw e;
        }
    }
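Review bot: The permissive branch of `imageValidationThrowOrWarning` logs only `e.toString()`, so the record of a skipped validation failure does not say which condition allowed the install to continue, and it drops the stack trace. With this change that branch is also reached for network-downloaded images on an unlocked device, where an audit trail matters more. I would log the reason and attach the exception: `Log.w(TAG, "Image validation failed, continuing: bootloaderUnlocked=" + mIsDeviceBootloaderUnlocked + ", networkUrl=" + mIsNetworkUrl, e);`. The helper accepts any `ImageValidationException`, and its callers lie outside the visible hunks, so it is worth confirming that only the key revocation check is routed through it. In the constructor, a null manager or any state other than `FLASH_LOCK_UNLOCKED` is treated as locked, which deserves a comment such as `// Missing service or unknown lock state is treated as locked (strict).`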