diff options
| author | Andres Morales <anmorales@google.com> | 2014-10-30 15:31:31 -0700 |
|---|---|---|
| committer | Andres Morales <anmorales@google.com> | 2014-10-31 15:49:35 -0700 |
| commit | a31c23da300b5d1f4b1fc261bb0dcb1fee9b61f1 (patch) | |
| tree | 818b5d62cca32a9f37de590283a40abf2eb6106a /services/core/java/com/android/server/PersistentDataBlockService.java | |
| parent | e8f676c0e580f5ffffbc23befd4b4ffac0d0a332 (diff) | |
| download | frameworks_base-a31c23da300b5d1f4b1fc261bb0dcb1fee9b61f1.zip frameworks_base-a31c23da300b5d1f4b1fc261bb0dcb1fee9b61f1.tar.gz frameworks_base-a31c23da300b5d1f4b1fc261bb0dcb1fee9b61f1.tar.bz2 | |
Only allow USER_OWNER to access PDB and change OEM unlock ability
Bug:18191568
Change-Id: Ie09823945af04accead99216580efc958bf6aefe
Diffstat (limited to 'services/core/java/com/android/server/PersistentDataBlockService.java')
| -rw-r--r-- | services/core/java/com/android/server/PersistentDataBlockService.java | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java index 6f378fd..de90aa2 100644 --- a/services/core/java/com/android/server/PersistentDataBlockService.java +++ b/services/core/java/com/android/server/PersistentDataBlockService.java @@ -72,7 +72,7 @@ public class PersistentDataBlockService extends SystemService { private final String mDataBlockFile; private final Object mLock = new Object(); - private int mAllowedAppId = -1; + private int mAllowedUid = -1; /* * Separate lock for OEM unlock related operations as they can happen in parallel with regular * block operations. @@ -86,11 +86,11 @@ public class PersistentDataBlockService extends SystemService { mContext = context; mDataBlockFile = SystemProperties.get(PERSISTENT_DATA_BLOCK_PROP); mBlockDeviceSize = -1; // Load lazily - mAllowedAppId = getAllowedAppId(UserHandle.USER_OWNER); + mAllowedUid = getAllowedUid(UserHandle.USER_OWNER); } - private int getAllowedAppId(int userHandle) { + private int getAllowedUid(int userHandle) { String allowedPackage = mContext.getResources() .getString(R.string.config_persistentDataPackageName); PackageManager pm = mContext.getPackageManager(); @@ -101,7 +101,7 @@ public class PersistentDataBlockService extends SystemService { // not expected Slog.e(TAG, "not able to find package " + allowedPackage, e); } - return UserHandle.getAppId(allowedUid); + return allowedUid; } @Override @@ -116,11 +116,17 @@ public class PersistentDataBlockService extends SystemService { } private void enforceUid(int callingUid) { - if (UserHandle.getAppId(callingUid) != mAllowedAppId) { + if (callingUid != mAllowedUid) { throw new SecurityException("uid " + callingUid + " not allowed to access PST"); } } + private void enforceIsOwner() { + if (!Binder.getCallingUserHandle().isOwner()) { + throw new SecurityException("Only the Owner is allowed to change OEM unlock state"); + } + } + private int getTotalDataSizeLocked(DataInputStream inputStream) throws IOException { int totalDataSize; int blockId = inputStream.readInt(); @@ -249,6 +255,7 @@ public class PersistentDataBlockService extends SystemService { return; } enforceOemUnlockPermission(); + enforceIsOwner(); FileOutputStream outputStream; try { outputStream = new FileOutputStream(new File(mDataBlockFile)); |