diff options
| -rw-r--r-- | services/core/java/com/android/server/locksettings/LockSettingsService.java | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java index 83bacc2350be..5927b2f050fc 100644 --- a/services/core/java/com/android/server/locksettings/LockSettingsService.java +++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java @@ -19,6 +19,7 @@ package com.android.server.locksettings; import static android.Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE; import static android.Manifest.permission.READ_CONTACTS; import static android.content.Context.KEYGUARD_SERVICE; +import static android.content.pm.PackageManager.PERMISSION_GRANTED; import static com.android.internal.widget.LockPatternUtils.StrongAuthTracker.STRONG_AUTH_REQUIRED_AFTER_LOCKOUT; import static com.android.internal.widget.LockPatternUtils.SYNTHETIC_PASSWORD_ENABLED_KEY; @@ -77,6 +78,7 @@ import android.service.gatekeeper.GateKeeperResponse; import android.service.gatekeeper.IGateKeeperService; import android.text.TextUtils; import android.util.ArrayMap; +import android.util.EventLog; import android.util.Log; import android.util.Slog; @@ -559,6 +561,10 @@ public class LockSettingsService extends ILockSettings.Stub { @Override // binder interface public void systemReady() { + if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) { + EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet + } + checkWritePermission(UserHandle.USER_SYSTEM); migrateOldData(); try { getGateKeeperService(); @@ -805,6 +811,13 @@ public class LockSettingsService extends ILockSettings.Stub { mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsRead"); } + private final void checkPasswordHavePermission(int userId) { + if (mContext.checkCallingOrSelfPermission(PERMISSION) != PERMISSION_GRANTED) { + EventLog.writeEvent(0x534e4554, "28251513", getCallingUid(), ""); // SafetyNet + } + mContext.enforceCallingOrSelfPermission(PERMISSION, "LockSettingsHave"); + } + private final void checkReadPermission(String requestedKey, int userId) { final int callingUid = Binder.getCallingUid(); @@ -934,6 +947,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public boolean havePassword(int userId) throws RemoteException { + checkPasswordHavePermission(userId); synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userId)) { long handle = getSyntheticPasswordHandleLocked(userId); @@ -947,6 +961,7 @@ public class LockSettingsService extends ILockSettings.Stub { @Override public boolean havePattern(int userId) throws RemoteException { + checkPasswordHavePermission(userId); synchronized (mSpManager) { if (isSyntheticPasswordBasedCredentialLocked(userId)) { long handle = getSyntheticPasswordHandleLocked(userId); |