Merge "LockSettings: Enforce permission check on... (dd4e76b6) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/locksettings/LockSettingsService.java

+15 −0

Original line number	Original line	Diff line number	Diff line
	@@ -19,6 +19,7 @@ package com.android.server.locksettings;
	import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;		import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;
	import static android.Manifest.permission.READ_CONTACTS;		import static android.Manifest.permission.READ_CONTACTS;
	import static android.content.Context.KEYGUARD_SERVICE;		import static android.content.Context.KEYGUARD_SERVICE;
			import static android.content.pm.PackageManager.PERMISSION_GRANTED;

	import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;		import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
	import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;		import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;
	@@ -77,6 +78,7 @@ import android.service.gatekeeper.GateKeeperResponse;
	import android.service.gatekeeper.IGateKeeperService;		import android.service.gatekeeper.IGateKeeperService;
	import android.text.TextUtils;		import android.text.TextUtils;
	import android.util.ArrayMap;		import android.util.ArrayMap;
			import android.util.EventLog;
	import android.util.Log;		import android.util.Log;
	import android.util.Slog;		import android.util.Slog;

	@@ -559,6 +561,10 @@ public class LockSettingsService extends ILockSettings.Stub {

	@Override // binder interface		@Override // binder interface
	public void systemReady() {		public void systemReady() {
			if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {
			EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet
			}
			checkWritePermission(UserHandle.USER_SYSTEM);
	migrateOldData();		migrateOldData();
	try {		try {
	getGateKeeperService();		getGateKeeperService();
	@@ -805,6 +811,13 @@ public class LockSettingsService extends ILockSettings.Stub {
	mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead");		mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead");
	}		}

			private final void checkPasswordHavePermission(int userId) {
			if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {
			EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet
			}
			mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsHave");
			}

	private final void checkReadPermission(String requestedKey, int userId) {		private final void checkReadPermission(String requestedKey, int userId) {
	final int callingUid = Binder.getCallingUid();		final int callingUid = Binder.getCallingUid();

	@@ -934,6 +947,7 @@ public class LockSettingsService extends ILockSettings.Stub {

	@Override		@Override
	public boolean havePassword(int userId) throws RemoteException {		public boolean havePassword(int userId) throws RemoteException {
			checkPasswordHavePermission(userId);
	synchronized (mSpManager) {		synchronized (mSpManager) {
	if (isSyntheticPasswordBasedCredentialLocked(userId)) {		if (isSyntheticPasswordBasedCredentialLocked(userId)) {
	long handle = getSyntheticPasswordHandleLocked(userId);		long handle = getSyntheticPasswordHandleLocked(userId);
	@@ -947,6 +961,7 @@ public class LockSettingsService extends ILockSettings.Stub {

	@Override		@Override
	public boolean havePattern(int userId) throws RemoteException {		public boolean havePattern(int userId) throws RemoteException {
			checkPasswordHavePermission(userId);
	synchronized (mSpManager) {		synchronized (mSpManager) {
	if (isSyntheticPasswordBasedCredentialLocked(userId)) {		if (isSyntheticPasswordBasedCredentialLocked(userId)) {
	long handle = getSyntheticPasswordHandleLocked(userId);		long handle = getSyntheticPasswordHandleLocked(userId);