diff options
author | Charles He <qiurui@google.com> | 2016-11-24 14:05:00 +0000 |
---|---|---|
committer | Sean McCreary <mccreary@mcwest.org> | 2017-03-22 12:40:21 -0600 |
commit | 2ffca13ae484c15087ddd14f69d3e593b51fc904 (patch) | |
tree | 45a12b708c4996fa54c54936072f2901e58004d9 /core/java/android/service | |
parent | 44b0bdc995fbc21b294e1cdca3a5aa63feeb4951 (diff) | |
download | frameworks_base-2ffca13ae484c15087ddd14f69d3e593b51fc904.zip frameworks_base-2ffca13ae484c15087ddd14f69d3e593b51fc904.tar.gz frameworks_base-2ffca13ae484c15087ddd14f69d3e593b51fc904.tar.bz2 |
Prevent writing to FRP partition during factory reset.
Avoid potential race condition between FRP wipe and write operations
during factory reset by making the FRP partition unwritable after
wipe.
Bug: 30352311
Test: manual
CVE-2017-0498
Change-Id: If3f024a1611366c0677a996705724458094fcfad
(cherry picked from commit a629c772f4a7a5ddf7ff9f78fb19f7ab86c2a9c2)
(cherry picked from commit a9437bd1caeeb38780d920a81bde8cc7ca280fe0)
(cherry picked from commit 1c4d535d0806dbeb6d2fa5cea0373cbd9ab6d33b)
Diffstat (limited to 'core/java/android/service')
-rw-r--r-- | core/java/android/service/persistentdata/PersistentDataBlockManager.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/core/java/android/service/persistentdata/PersistentDataBlockManager.java b/core/java/android/service/persistentdata/PersistentDataBlockManager.java index 0ffdf68..10ffe84 100644 --- a/core/java/android/service/persistentdata/PersistentDataBlockManager.java +++ b/core/java/android/service/persistentdata/PersistentDataBlockManager.java @@ -54,6 +54,9 @@ public class PersistentDataBlockManager { * Returns the number of bytes written or -1 on error. If the block is too big * to fit on the partition, returns -MAX_BLOCK_SIZE. * + * {@link #wipe} will block any further {@link #write} operation until reboot, + * in which case -1 will be returned. + * * @param data the data to write */ public int write(byte[] data) { @@ -108,6 +111,8 @@ public class PersistentDataBlockManager { /** * Zeroes the previously written block in its entirety. Calling this method * will erase all data written to the persistent data partition. + * It will also prevent any further {@link #write} operation until reboot, + * in order to prevent a potential race condition. See b/30352311. */ public void wipe() { try { |