Merge "LockSettings: Enforce permission check on havePattern/havePassword/systemReady" into oc-mr1-dev

am: 713a92390e Change-Id: Iedb7368829c0b4d82c6ca8e0417340d78f180493
author: Adrian Roos <roosa@google.com> 2017-08-18 16:34:10 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-08-18 16:34:10 +0000
commit: dd4e76b6873d89e634ac79a7e9cbf0aedb115013 (patch)
tree: 6c20dfc51ebeaf42c31df504e62950b7329fe6a7
parent: 9d071388919fab803df6b7e35d1149de996dfdda (diff)
parent: 713a92390eb6ee50935be9030ef52160497b9242 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
index 83bacc2350be..5927b2f050fc 100644
--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
+++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
@@ -19,6 +19,7 @@ package com.android.server.locksettings;
 import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE;
 import static android.Manifest.permission.READ_CONTACTS;
 import static android.content.Context.KEYGUARD_SERVICE;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 
 import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT;
 import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY;
@@ -77,6 +78,7 @@ import android.service.gatekeeper.GateKeeperResponse;
 import android.service.gatekeeper.IGateKeeperService;
 import android.text.TextUtils;
 import android.util.ArrayMap;
+import android.util.EventLog;
 import android.util.Log;
 import android.util.Slog;
 
@@ -559,6 +561,10 @@ public class LockSettingsService extends ILockSettings.Stub {
 
     @Override // binder interface
     public void systemReady() {
+        if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {
+            EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), "");  // SafetyNet
+        }
+        checkWritePermission(UserHandle.USER_SYSTEM);
         migrateOldData();
         try {
             getGateKeeperService();
@@ -805,6 +811,13 @@ public class LockSettingsService extends ILockSettings.Stub {
         mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead");
     }
 
+    private final void checkPasswordHavePermission(int userId) {
+        if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) {
+            EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), "");  // SafetyNet
+        }
+        mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsHave");
+    }
+
     private final void checkReadPermission(String requestedKey, int userId) {
         final int callingUid = Binder.getCallingUid();
 
@@ -934,6 +947,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 
     @Override
     public boolean havePassword(int userId) throws RemoteException {
+        checkPasswordHavePermission(userId);
         synchronized (mSpManager) {
             if (isSyntheticPasswordBasedCredentialLocked(userId)) {
                 long handle = getSyntheticPasswordHandleLocked(userId);
@@ -947,6 +961,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 
     @Override
     public boolean havePattern(int userId) throws RemoteException {
+        checkPasswordHavePermission(userId);
         synchronized (mSpManager) {
             if (isSyntheticPasswordBasedCredentialLocked(userId)) {
                 long handle = getSyntheticPasswordHandleLocked(userId);
author	Adrian Roos <roosa@google.com>	2017-08-18 16:34:10 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-08-18 16:34:10 +0000
commit	dd4e76b6873d89e634ac79a7e9cbf0aedb115013 (patch)
tree	6c20dfc51ebeaf42c31df504e62950b7329fe6a7
parent	9d071388919fab803df6b7e35d1149de996dfdda (diff)
parent	713a92390eb6ee50935be9030ef52160497b9242 (diff)