author | Adrian Roos <roosa@google.com> | 2015-02-25 13:27:02 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-02-25 13:27:05 +0000 |
commit | e377c5011f9e7718ad568964868276a2f5304f67 (patch) | |
tree | 70bbc58b7b16202fad457e685032b8112057a83e | |
parent | 434fcf15884cc345ba0b2d4ab28350bafa432f24 (diff) | |
parent | 001b00d3bd8c20c7e73cb8101cbe98291bd5e68f (diff) | |
Merge "Prevent regular processes from accessing the password history"
-rw-r--r-- | services/core/java/com/android/server/LockSettingsService.java | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/services/core/java/com/android/server/LockSettingsService.java b/services/core/java/com/android/server/LockSettingsService.java
index 895a5c3..c189fea 100644
--- a/services/core/java/com/android/server/LockSettingsService.java
+++ b/services/core/java/com/android/server/LockSettingsService.java
@@ -228,6 +228,7 @@ public class LockSettingsService extends ILockSettings.Stub {
 
 private final void checkReadPermission(String requestedKey, int userId) {
 final int callingUid = Binder.getCallingUid();
+
 for (int i = 0; i < READ_PROFILE_PROTECTED_SETTINGS.length; i++) {
 String key = READ_PROFILE_PROTECTED_SETTINGS[i];
 if (key.equals(requestedKey) && mContext.checkCallingOrSelfPermission(READ_PROFILE)
@@ -237,6 +238,16 @@ public class LockSettingsService extends ILockSettings.Stub {
 + requestedKey + " for user " + userId);
 }
 }
+
+ for (int i = 0; i < READ_PASSWORD_PROTECTED_SETTINGS.length; i++) {
+ String key = READ_PASSWORD_PROTECTED_SETTINGS[i];
+ if (key.equals(requestedKey) && mContext.checkCallingOrSelfPermission(PERMISSION)
+ != PackageManager.PERMISSION_GRANTED) {
+ throw new SecurityException("uid=" + callingUid
+ + " needs permission " + PERMISSION + " to read "
+ + requestedKey + " for user " + userId);
+ }
+ }
 }
 
 @Override
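Review bot: The loop added to checkReadPermission is a deny-list, so it fails open: only the keys named in READ_PASSWORD_PROTECTED_SETTINGS are gated on PERMISSION, and a credential-derived key introduced later stays readable by every caller unless someone also adds it to that array (declared in the last hunk). Every other key falls through both loops unchecked, so I would state that above the method, e.g. `// Keys not listed in READ_PROFILE_PROTECTED_SETTINGS or READ_PASSWORD_PROTECTED_SETTINGS are readable without permission; list every new credential-derived key.` In the lines shown `userId` is used only in the exception message, so whether the caller may read that user's settings is presumably enforced elsewhere and is worth confirming. The method begins in the previous hunk and part of the first loop lies between the two hunks.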
@@ -462,12 +473,18 @@ public class LockSettingsService extends ILockSettings.Stub {
 Secure.LOCK_PATTERN_TACTILE_FEEDBACK_ENABLED
 };
 
- // These are protected with a read permission
+ // Reading these settings needs the profile permission
 private static final String[] READ_PROFILE_PROTECTED_SETTINGS = new String[] {
 Secure.LOCK_SCREEN_OWNER_INFO_ENABLED,
 Secure.LOCK_SCREEN_OWNER_INFO
 };
 
+ // Reading these settings needs the same permission as checking the password
+ private static final String[] READ_PASSWORD_PROTECTED_SETTINGS = new String[] {
+ LockPatternUtils.LOCK_PASSWORD_SALT_KEY,
+ LockPatternUtils.PASSWORD_HISTORY_KEY,
+ };
+
 private static final String[] SETTINGS_TO_BACKUP = new String[] {
 Secure.LOCK_SCREEN_OWNER_INFO_ENABLED,
 Secure.LOCK_SCREEN_OWNER_INFO |
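Review bot: The comment on READ_PASSWORD_PROTECTED_SETTINGS says which permission applies but not why these two keys are sensitive, which is what the next person adding a lock-settings key needs to know. Assuming the history holds values derived from earlier passwords and the salt is an input to that derivation, a comment such as `// Salt and password history would let an app test credential guesses offline; reading them needs PERMISSION, as checking the password does.` would record the intent. The new array also ends with a trailing comma while READ_PROFILE_PROTECTED_SETTINGS just above does not; pick one style. The arrays before and after this declaration continue outside the hunk.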