Add permission checks to unified challenge cache APIs - platform/frameworks/base

diff options

author	Eric Biggers <ebiggers@google.com>	2022-09-26 21:59:19 +0000
committer	Eric Biggers <ebiggers@google.com>	2022-09-26 22:26:14 +0000
commit	d0d0a1c62e1b6d3d0d022bee9d760009d06d3ca4 (patch)
tree	f157cd3e9f6678ecd194a2e38475877a27bb3ba2 /libs/androidfw/StringPool.cpp
parent	08b9eefa9aa88316641412c37639d92d18700089 (diff)

Add permission checks to unified challenge cache APIs

While it shouldn't be possible to do anything "bad" with these APIs, they should require the ACCESS_KEYGUARD_SECURE_STORAGE permission just like most other APIs in LockSettingsService. This doesn't break the legitimate users, both of which use Binder.clearCallingIdentity(): - tryUnlockWithCachedUnifiedChallenge() is only called by UserManagerService.requestQuietModeEnabled(). - removeCachedUnifiedChallenge() is only called by LockSettingsShellCommand ('locksettings remove-cache'). Bug: 239050838 Change-Id: Ib7224729c3e110aa44f0416f72063b38517ed089

Diffstat (limited to 'libs/androidfw/StringPool.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: