diff options
| author | Adrian Roos <roosa@google.com> | 2015-02-24 17:08:48 +0100 |
|---|---|---|
| committer | Adrian Roos <roosa@google.com> | 2015-02-24 17:16:44 +0100 |
| commit | 001b00d3bd8c20c7e73cb8101cbe98291bd5e68f (patch) | |
| tree | ee32dde0e8601a8aedfcd41e26a9e32f9886cd20 | |
| parent | 6f542f5a40db8d09d8d84d58720bf19962faaca3 (diff) | |
| download | frameworks_base-001b00d3bd8c20c7e73cb8101cbe98291bd5e68f.zip frameworks_base-001b00d3bd8c20c7e73cb8101cbe98291bd5e68f.tar.gz frameworks_base-001b00d3bd8c20c7e73cb8101cbe98291bd5e68f.tar.bz2 | |
Prevent regular processes from accessing the password history
Bug: 19019350
Change-Id: Iee410d62827fe0f9d43e08dd8869e8eea590382f
| -rw-r--r-- | services/core/java/com/android/server/LockSettingsService.java | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java index 895a5c3..c189fea 100644 --- a/services/core/java/com/android/server/LockSettingsService.java +++ b/services/core/java/com/android/server/LockSettingsService.java @@ -228,6 +228,7 @@ public class LockSettingsService extends ILockSettings.Stub { private final void checkReadPermission(String requestedKey, int userId) { final int callingUid = Binder.getCallingUid(); + for (int i = 0; i < READ_PROFILE_PROTECTED_SETTINGS.length; i++) { String key = READ_PROFILE_PROTECTED_SETTINGS[i]; if (key.equals(requestedKey) && mContext.checkCallingOrSelfPermission(READ_PROFILE) @@ -237,6 +238,16 @@ public class LockSettingsService extends ILockSettings.Stub { + requestedKey + " for user " + userId); } } + + for (int i = 0; i < READ_PASSWORD_PROTECTED_SETTINGS.length; i++) { + String key = READ_PASSWORD_PROTECTED_SETTINGS[i]; + if (key.equals(requestedKey) && mContext.checkCallingOrSelfPermission(PERMISSION) + != PackageManager.PERMISSION_GRANTED) { + throw new SecurityException("uid=" + callingUid + + " needs permission " + PERMISSION + " to read " + + requestedKey + " for user " + userId); + } + } } @Override @@ -462,12 +473,18 @@ public class LockSettingsService extends ILockSettings.Stub { Secure.LOCK_PATTERN_TACTILE_FEEDBACK_ENABLED }; - // These are protected with a read permission + // Reading these settings needs the profile permission private static final String[] READ_PROFILE_PROTECTED_SETTINGS = new String[] { Secure.LOCK_SCREEN_OWNER_INFO_ENABLED, Secure.LOCK_SCREEN_OWNER_INFO }; + // Reading these settings needs the same permission as checking the password + private static final String[] READ_PASSWORD_PROTECTED_SETTINGS = new String[] { + LockPatternUtils.LOCK_PASSWORD_SALT_KEY, + LockPatternUtils.PASSWORD_HISTORY_KEY, + }; + private static final String[] SETTINGS_TO_BACKUP = new String[] { Secure.LOCK_SCREEN_OWNER_INFO_ENABLED, Secure.LOCK_SCREEN_OWNER_INFO |