author Jacob Hobbie <jacobhobbie@google.com> 2022-11-30 19:33:03 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-11-30 19:33:03 +0000
commit30f462ae28b2a65395f8cb271aed03f9a47c29e4 (patch)
tree6d79c90393705b990ea79874ef2050f3f7499a65
parentedcefad329a13c1b8abfe7eb7a2a42ac8813784d (diff)
parentb61f54c521f7cb86363222b9ce263f0c5bbca60c (diff)
Merge "Fixing an Active Unlock security vulnerability." into tm-qpr-dev am: 738f874e44 am: b61f54c521
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/20513670 Change-Id: I2fcf8b6fe20082f3ec25b0a3b5b2540bffd78199 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r--services/core/java/com/android/server/trust/TrustAgentWrapper.java22
1 files changed, 21 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/trust/TrustAgentWrapper.java b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
index 0b1f6b9ba285..f971db9b5f0e 100644
--- a/services/core/java/com/android/server/trust/TrustAgentWrapper.java
+++ b/services/core/java/com/android/server/trust/TrustAgentWrapper.java
@@ -107,6 +107,7 @@ public class TrustAgentWrapper {
// Trust state
private boolean mTrusted;
private boolean mWaitingForTrustableDowngrade = false;
+ private boolean mWithinSecurityLockdownWindow = false;
private boolean mTrustable;
private CharSequence mMessage;
private boolean mDisplayTrustGrantedMessage;
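Review bot: The new field `mWithinSecurityLockdownWindow` is security state but carries no comment, and the name alone does not say what opens or closes the window. Going by the other hunks of this change, something like `// True for a short period after a temporary-and-renewable trust grant; an agent disconnect in that period locks the user.` above the declaration would make it readable on its own. The comment should also name the thread that reads and writes the flag, which is not determinable from this hunk.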
@@ -160,6 +161,7 @@ public class TrustAgentWrapper {
mDisplayTrustGrantedMessage = (flags & FLAG_GRANT_TRUST_DISPLAY_MESSAGE) != 0;
if ((flags & FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) != 0) {
mWaitingForTrustableDowngrade = true;
+ setSecurityWindowTimer();
} else {
mWaitingForTrustableDowngrade = false;
}
@@ -452,6 +454,9 @@ public class TrustAgentWrapper {
if (mBound) {
scheduleRestart();
}
+ if (mWithinSecurityLockdownWindow) {
+ mTrustManagerService.lockUser(mUserId);
+ }
// mTrustDisabledByDpm maintains state
}
};
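Review bot: The forced lock in the added `if (mWithinSecurityLockdownWindow)` branch leaves no trace, since `lockUser(mUserId)` is called without a log line or a comment. An unexpected device lock after an agent disconnect therefore cannot be tied to this path when reading logs. A line before the call such as `Slog.w(TAG, "Agent disconnected inside security window, locking user " + mUserId);` (or the logger this file already uses) would help, together with a short comment saying that a connection dropped right after a renewable grant is treated as untrusted. The flag stays set after the lock, so a second disconnect inside the same window locks again; that looks harmless but is worth stating in the comment. The enclosing callback starts outside the hunk.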
@@ -673,6 +678,22 @@ public class TrustAgentWrapper {
}
}
+ private void setSecurityWindowTimer() {
+ mWithinSecurityLockdownWindow = true;
+ long expiration = SystemClock.elapsedRealtime() + (15 * 1000); // timer for 15 seconds
+ mAlarmManager.setExact(
+ AlarmManager.ELAPSED_REALTIME_WAKEUP,
+ expiration,
+ TAG,
+ new AlarmManager.OnAlarmListener() {
+ @Override
+ public void onAlarm() {
+ mWithinSecurityLockdownWindow = false;
+ }
+ },
+ Handler.getMain());
+ }
+
public boolean isManagingTrust() {
return mManagingTrust && !mTrustDisabledByDpm;
}
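Review bot: A second renewable grant inside the 15 seconds does not extend the window, because `setSecurityWindowTimer()` registers a fresh anonymous listener on every call and never cancels the previous alarm. The earlier alarm still fires and sets `mWithinSecurityLockdownWindow = false` while the later window should still be open, so a disconnect in that gap skips the lock. Keeping one listener in a field and cancelling it before re-arming fixes this, and the same field would let `destroy()` cancel the alarm; its body continues outside the visible hunk, so whether it already does is not visible. The inline `15 * 1000` would read better as a named constant with a comment on why that duration was chosen. The flag is cleared on `Handler.getMain()` and set from the grant-trust path, so if those run on different threads the field needs `volatile`, which this diff does not show.

```java
private static final long SECURITY_WINDOW_MS = 15 * 1000;

// Single listener instance so a pending alarm can be cancelled and re-armed.
private final AlarmManager.OnAlarmListener mSecurityWindowListener =
        () -> mWithinSecurityLockdownWindow = false;

private void setSecurityWindowTimer() {
    mWithinSecurityLockdownWindow = true;
    // Drop any pending alarm so an earlier grant cannot close a later window.
    mAlarmManager.cancel(mSecurityWindowListener);
    mAlarmManager.setExact(
            AlarmManager.ELAPSED_REALTIME_WAKEUP,
            SystemClock.elapsedRealtime() + SECURITY_WINDOW_MS,
            TAG,
            mSecurityWindowListener,
            Handler.getMain());
}
// … unchanged: isManagingTrust() …
```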
@@ -691,7 +712,6 @@ public class TrustAgentWrapper {
public void destroy() {
mHandler.removeMessages(MSG_RESTART_TIMEOUT);
-
if (!mBound) {
return;
}