Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dbc82577 authored by Rubin Xu's avatar Rubin Xu Committed by Automerger Merge Worker
Browse files

Merge "Only enforce secure FRP mode when in setup wizard" into rvc-dev am:... 

Merge "Only enforce secure FRP mode when in setup wizard" into rvc-dev am: c8983dbe am: 2e36e290

Change-Id: Ibb33a070b89df2fcff2a3c23701f031b2ce9165c
parents ac2eab92 2e36e290

services/core/java/com/android/server/locksettings/LockSettingsService.java

+8 −3
Original line number Diff line number Diff line
@@ -1016,9 +1016,14 @@ public class LockSettingsService extends ILockSettings.Stub { 
    }



    private void enforceFrpResolved() {

        if (mInjector.settingsSecureGetInt(mContext.getContentResolver(),

                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1) {

            throw new SecurityException("Cannot change credential while FRP is not resolved yet");

        final ContentResolver cr = mContext.getContentResolver();

        final boolean inSetupWizard = mInjector.settingsSecureGetInt(cr,

                Settings.Secure.USER_SETUP_COMPLETE, 0, UserHandle.USER_SYSTEM) == 0;

        final boolean secureFrp = mInjector.settingsSecureGetInt(cr,

                Settings.Secure.SECURE_FRP_MODE, 0, UserHandle.USER_SYSTEM) == 1;

        if (inSetupWizard && secureFrp) {

            throw new SecurityException("Cannot change credential in SUW while factory reset"

                    + " protection is not resolved yet");

        }

    }

services/tests/servicestests/src/com/android/server/locksettings/FakeSettings.java

+9 −0
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ public class FakeSettings { 


    private int mDeviceProvisioned;

    private int mSecureFrpMode;

    private int mUserSetupComplete;



    public void setDeviceProvisioned(boolean provisioned) {

        mDeviceProvisioned = provisioned ? 1 : 0;
@@ -32,6 +33,10 @@ public class FakeSettings { 
        mSecureFrpMode = secure ? 1 : 0;

    }



    public void setUserSetupComplete(boolean complete) {

        mUserSetupComplete = complete ? 1 : 0;

    }



    public int globalGetInt(String keyName) {

        switch (keyName) {

            case Settings.Global.DEVICE_PROVISIONED:
@@ -46,6 +51,10 @@ public class FakeSettings { 
        if (Settings.Secure.SECURE_FRP_MODE.equals(keyName) && userId == UserHandle.USER_SYSTEM) {

            return mSecureFrpMode;

        }

        if (Settings.Secure.USER_SETUP_COMPLETE.equals(keyName)

                && userId == UserHandle.USER_SYSTEM) {

            return mUserSetupComplete;

        }

        return defaultValue;

    }

}

services/tests/servicestests/src/com/android/server/locksettings/LockSettingsServiceTests.java

+10 −1
Original line number Diff line number Diff line
@@ -417,7 +417,8 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
    }



    @Test

    public void testCredentialChangeNotPossibleInSecureFrpMode() {

    public void testCredentialChangeNotPossibleInSecureFrpModeDuringSuw() {

        mSettings.setUserSetupComplete(false);

        mSettings.setSecureFrpMode(true);

        try {

            mService.setLockCredential(newPassword("1234"), nonePassword(), PRIMARY_USER_ID);
@@ -425,6 +426,14 @@ public class LockSettingsServiceTests extends BaseLockSettingsServiceTests { 
        } catch (SecurityException e) { }

    }



    @Test

    public void testCredentialChangePossibleInSecureFrpModeAfterSuw() {

        mSettings.setUserSetupComplete(true);

        mSettings.setSecureFrpMode(true);

        assertTrue(mService.setLockCredential(newPassword("1234"), nonePassword(),

                PRIMARY_USER_ID));

    }



    private void testCreateCredential(int userId, LockscreenCredential credential)

            throws RemoteException {

        assertTrue(mService.setLockCredential(credential, nonePassword(), userId));