Loading services/core/java/com/android/server/locksettings/LockSettingsService.java +8 −3 Original line number Diff line number Diff line Loading @@ -1016,9 +1016,14 @@ public class LockSettingsService extends ILockSettings.Stub { } private void enforceFrpResolved() { if (mInjector.settingsSecureGetInt(mContext.getContentResolver(), Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) { throw new SecurityException("Cannot change credential while FRP is not resolved yet"); final ContentResolver cr = mContext.getContentResolver(); final boolean inSetupWizard = mInjector.settingsSecureGetInt(cr, Settings.Secure.USER_SETUP_COMPLETE, 0, UserHandle.USER_SYSTEM) == 0; final boolean secureFrp = mInjector.settingsSecureGetInt(cr, Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1; if (inSetupWizard && secureFrp) { throw new SecurityException("Cannot change credential in SUW while factory reset" + " protection is not resolved yet"); } } Loading services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java +9 −0 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ public class FakeSettings { private int mDeviceProvisioned; private int mSecureFrpMode; private int mUserSetupComplete; public void setDeviceProvisioned(boolean provisioned) { mDeviceProvisioned = provisioned ? 1 : 0; Loading @@ -32,6 +33,10 @@ public class FakeSettings { mSecureFrpMode = secure ? 1 : 0; } public void setUserSetupComplete(boolean complete) { mUserSetupComplete = complete ? 1 : 0; } public int globalGetInt(String keyName) { switch (keyName) { case Settings.Global.DEVICE_PROVISIONED: Loading @@ -46,6 +51,10 @@ public class FakeSettings { if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) { return mSecureFrpMode; } if (Settings.Secure.USER_SETUP_COMPLETE.equals(keyName) && userId == UserHandle.USER_SYSTEM) { return mUserSetupComplete; } return defaultValue; } } services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +10 −1 Original line number Diff line number Diff line Loading @@ -417,7 +417,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test public void testCredentialChangeNotPossibleInSecureFrpMode() { public void testCredentialChangeNotPossibleInSecureFrpModeDuringSuw() { mSettings.setUserSetupComplete(false); mSettings.setSecureFrpMode(true); try { mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID); Loading @@ -425,6 +426,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } catch (SecurityException e) { } } @Test public void testCredentialChangePossibleInSecureFrpModeAfterSuw() { mSettings.setUserSetupComplete(true); mSettings.setSecureFrpMode(true); assertTrue(mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID)); } private void testCreateCredential(int userId, LockscreenCredential credential) throws RemoteException { assertTrue(mService.setLockCredential(credential, nonePassword(), userId)); Loading Loading
services/core/java/com/android/server/locksettings/LockSettingsService.java +8 −3 Original line number Diff line number Diff line Loading @@ -1016,9 +1016,14 @@ public class LockSettingsService extends ILockSettings.Stub { } private void enforceFrpResolved() { if (mInjector.settingsSecureGetInt(mContext.getContentResolver(), Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) { throw new SecurityException("Cannot change credential while FRP is not resolved yet"); final ContentResolver cr = mContext.getContentResolver(); final boolean inSetupWizard = mInjector.settingsSecureGetInt(cr, Settings.Secure.USER_SETUP_COMPLETE, 0, UserHandle.USER_SYSTEM) == 0; final boolean secureFrp = mInjector.settingsSecureGetInt(cr, Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1; if (inSetupWizard && secureFrp) { throw new SecurityException("Cannot change credential in SUW while factory reset" + " protection is not resolved yet"); } } Loading
services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java +9 −0 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ public class FakeSettings { private int mDeviceProvisioned; private int mSecureFrpMode; private int mUserSetupComplete; public void setDeviceProvisioned(boolean provisioned) { mDeviceProvisioned = provisioned ? 1 : 0; Loading @@ -32,6 +33,10 @@ public class FakeSettings { mSecureFrpMode = secure ? 1 : 0; } public void setUserSetupComplete(boolean complete) { mUserSetupComplete = complete ? 1 : 0; } public int globalGetInt(String keyName) { switch (keyName) { case Settings.Global.DEVICE_PROVISIONED: Loading @@ -46,6 +51,10 @@ public class FakeSettings { if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) { return mSecureFrpMode; } if (Settings.Secure.USER_SETUP_COMPLETE.equals(keyName) && userId == UserHandle.USER_SYSTEM) { return mUserSetupComplete; } return defaultValue; } }
services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java +10 −1 Original line number Diff line number Diff line Loading @@ -417,7 +417,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } @Test public void testCredentialChangeNotPossibleInSecureFrpMode() { public void testCredentialChangeNotPossibleInSecureFrpModeDuringSuw() { mSettings.setUserSetupComplete(false); mSettings.setSecureFrpMode(true); try { mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID); Loading @@ -425,6 +426,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { } catch (SecurityException e) { } } @Test public void testCredentialChangePossibleInSecureFrpModeAfterSuw() { mSettings.setUserSetupComplete(true); mSettings.setSecureFrpMode(true); assertTrue(mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID)); } private void testCreateCredential(int userId, LockscreenCredential credential) throws RemoteException { assertTrue(mService.setLockCredential(credential, nonePassword(), userId)); Loading
