diff options
author | Craig Lafayette <craiglafa@google.com> | 2015-03-27 09:01:43 -0400 |
---|---|---|
committer | Craig Lafayette <craiglafa@google.com> | 2015-04-10 13:14:24 -0400 |
commit | 66445a639dc134d09393f5069b7683ec36d4cd07 (patch) | |
tree | 18a7dd9062849f8fa258bf5de64d6629aed34e33 /services/core/java/com/android/server/PersistentDataBlockService.java | |
parent | 8d1db149b6a435b69affd82af2f8dc5367477f28 (diff) | |
download | frameworks_base-66445a639dc134d09393f5069b7683ec36d4cd07.zip frameworks_base-66445a639dc134d09393f5069b7683ec36d4cd07.tar.gz frameworks_base-66445a639dc134d09393f5069b7683ec36d4cd07.tar.bz2 |
Reset protection in PersistentDataBlockManager
Add method to allow authorized data block wipe in support of factory
reset protection. This will allow ManagedProvisioning to respond to
and pass factory reset protection challenges during automated device
setup.
- Adds the wipeIfAllowed method to clear the data block
- Creates a protected-broadcast to send to allowed package
Bug: 19792435
Change-Id: I897f2ea2afb1222a1fc8ac49290ee45ea4d3f2d7
Diffstat (limited to 'services/core/java/com/android/server/PersistentDataBlockService.java')
-rw-r--r-- | services/core/java/com/android/server/PersistentDataBlockService.java | 39 |
1 files changed, 35 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java index b36f515..56f9942 100644 --- a/services/core/java/com/android/server/PersistentDataBlockService.java +++ b/services/core/java/com/android/server/PersistentDataBlockService.java @@ -18,14 +18,18 @@ package com.android.server; import android.Manifest; import android.app.ActivityManager; +import android.app.PendingIntent; import android.content.Context; +import android.content.Intent; import android.content.pm.PackageManager; import android.os.Binder; +import android.os.Bundle; import android.os.IBinder; import android.os.RemoteException; import android.os.SystemProperties; import android.os.UserHandle; import android.service.persistentdata.IPersistentDataBlockService; +import android.service.persistentdata.PersistentDataBlockManager; import android.util.Slog; import com.android.internal.R; @@ -428,6 +432,29 @@ public class PersistentDataBlockService extends SystemService { } @Override + public void wipeIfAllowed(Bundle bundle, PendingIntent pi) { + // Should only be called by owner + if (UserHandle.getCallingUserId() != UserHandle.USER_OWNER) { + throw new SecurityException("Only the Owner is allowed to wipe"); + } + // Caller must be able to query the the state of the PersistentDataBlock + enforcePersistentDataBlockAccess(); + String allowedPackage = mContext.getResources() + .getString(R.string.config_persistentDataPackageName); + Intent intent = new Intent(); + intent.setPackage(allowedPackage); + intent.setAction(PersistentDataBlockManager.ACTION_WIPE_IF_ALLOWED); + intent.putExtras(bundle); + intent.putExtra(PersistentDataBlockManager.EXTRA_WIPE_IF_ALLOWED_CALLBACK, pi); + long id = Binder.clearCallingIdentity(); + try { + mContext.sendBroadcastAsUser(intent, UserHandle.OWNER); + } finally { + restoreCallingIdentity(id); + } + } + + @Override public void setOemUnlockEnabled(boolean enabled) { // do not allow monkey to flip the flag if (ActivityManager.isUserAMonkey()) { @@ -450,10 +477,7 @@ public class PersistentDataBlockService extends SystemService { @Override public int getDataBlockSize() { - if (mContext.checkCallingPermission(Manifest.permission.ACCESS_PDB_STATE) - != PackageManager.PERMISSION_GRANTED) { - enforceUid(Binder.getCallingUid()); - } + enforcePersistentDataBlockAccess(); DataInputStream inputStream; try { @@ -475,6 +499,13 @@ public class PersistentDataBlockService extends SystemService { } } + private void enforcePersistentDataBlockAccess() { + if (mContext.checkCallingPermission(Manifest.permission.ACCESS_PDB_STATE) + != PackageManager.PERMISSION_GRANTED) { + enforceUid(Binder.getCallingUid()); + } + } + @Override public long getMaximumDataBlockSize() { long actualSize = getBlockDeviceSize() - HEADER_SIZE - 1; |