Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit d0d0a1c6 authored by Eric Biggers's avatar Eric Biggers
Browse files

Add permission checks to unified challenge cache APIs 

While it shouldn't be possible to do anything "bad" with these APIs,
they should require the ACCESS_KEYGUARD_SECURE_STORAGE permission just
like most other APIs in LockSettingsService.  This doesn't break the
legitimate users, both of which use Binder.clearCallingIdentity():

- tryUnlockWithCachedUnifiedChallenge() is only called by
  UserManagerService.requestQuietModeEnabled().

- removeCachedUnifiedChallenge() is only called by
  LockSettingsShellCommand ('locksettings remove-cache').

Bug: 239050838
Change-Id: Ib7224729c3e110aa44f0416f72063b38517ed089
parent 08b9eefa
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment