diff options
| author | 2016-05-31 12:05:05 +0100 | |
|---|---|---|
| committer | 2016-06-15 11:49:50 +0100 | |
| commit | 7f405f170f66d201f893a2f29866f528f0ec7fc8 (patch) | |
| tree | f1a1f41ee3cb21fb273b35732c5caad766402609 | |
| parent | fc7130964024dc80c2c9a5e878418a81d35df00b (diff) | |
Add permission checking on service calls in LockSettingsService
Bug: 28941207
Change-Id: I113db10bb57f250d44361a0a5144a7d1c990ba4d
| -rw-r--r-- | services/core/java/com/android/server/LockSettingsService.java | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index fb1021ee50d7..7050f7341483 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -617,6 +617,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public boolean getSeparateProfileChallengeEnabled(int userId) throws RemoteException { + checkReadPermission(SEPARATE_PROFILE_CHALLENGE_KEY, userId); synchronized (mSeparateChallengeLock) { return getBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, false, userId); } @@ -625,6 +626,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public void setSeparateProfileChallengeEnabled(int userId, boolean enabled, String managedUserPassword) throws RemoteException { + checkWritePermission(userId); synchronized (mSeparateChallengeLock) { setBoolean(SEPARATE_PROFILE_CHALLENGE_KEY, enabled, userId); if (enabled) { @@ -672,7 +674,6 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public long getLong(String key, long defaultValue, int userId) throws RemoteException { checkReadPermission(key, userId); - String value = getStringUnchecked(key, null, userId); return TextUtils.isEmpty(value) ? defaultValue : Long.parseLong(value); } @@ -680,7 +681,6 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public String getString(String key, String defaultValue, int userId) throws RemoteException { checkReadPermission(key, userId); - return getStringUnchecked(key, defaultValue, userId); } @@ -899,7 +899,7 @@ public class LockSettingsService extends ILockSettings.Stub { } } - public void setLockPatternInternal(String pattern, String savedCredential, int userId) + private void setLockPatternInternal(String pattern, String savedCredential, int userId) throws RemoteException { byte[] currentHandle = getCurrentHandle(userId); @@ -962,7 +962,7 @@ public class LockSettingsService extends ILockSettings.Stub { } } - public void setLockPasswordInternal(String password, String savedCredential, int userId) + private void setLockPasswordInternal(String password, String savedCredential, int userId) throws RemoteException { byte[] currentHandle = getCurrentHandle(userId); if (password == null) { @@ -1150,6 +1150,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public void resetKeyStore(int userId) throws RemoteException { + checkWritePermission(userId); if (DEBUG) Slog.v(TAG, "Reset keystore for user: " + userId); int managedUserId = -1; String managedUserDecryptedPassword = null; @@ -1552,6 +1553,7 @@ public class LockSettingsService extends ILockSettings.Stub { LockPatternUtils.LOCK_PASSWORD_SALT_KEY, LockPatternUtils.PASSWORD_HISTORY_KEY, LockPatternUtils.PASSWORD_TYPE_KEY, + SEPARATE_PROFILE_CHALLENGE_KEY }; private static final String[] SETTINGS_TO_BACKUP = new String[] { |