diff options
author | Paul Crowley <paulcrowley@google.com> | 2014-11-26 12:09:51 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2014-11-26 12:09:51 +0000 |
commit | 5ff0e5fb6b339a7dea0cbc344e88673b7a99e593 (patch) | |
tree | 9b4ef5545fc5ca892cd0eb735c22e4cdc22c4132 /services/devicepolicy/java | |
parent | bc2f1371bbeb0f66c24fafec22b9b18ca6e845cd (diff) | |
parent | 0d122e265c52ef25dbad652378b3a5e51a86f041 (diff) | |
download | frameworks_base-5ff0e5fb6b339a7dea0cbc344e88673b7a99e593.zip frameworks_base-5ff0e5fb6b339a7dea0cbc344e88673b7a99e593.tar.gz frameworks_base-5ff0e5fb6b339a7dea0cbc344e88673b7a99e593.tar.bz2 |
am 0d122e26: am ba94fd5e: am 77e25331: Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev
* commit '0d122e265c52ef25dbad652378b3a5e51a86f041':
Add flag for wiping factory reset protection data.
Diffstat (limited to 'services/devicepolicy/java')
-rw-r--r-- | services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java | 42 |
1 files changed, 25 insertions, 17 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java index f3d92e5..4d12111 100644 --- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java +++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java @@ -17,6 +17,8 @@ package com.android.server.devicepolicy; import static android.Manifest.permission.MANAGE_CA_CERTIFICATES; +import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE; +import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA; import static android.content.pm.PackageManager.GET_UNINSTALLED_PACKAGES; import android.accessibilityservice.AccessibilityServiceInfo; @@ -79,6 +81,7 @@ import android.security.IKeyChainService; import android.security.KeyChain; import android.security.KeyChain.KeyChainConnection; import android.text.TextUtils; +import android.service.persistentdata.PersistentDataBlockManager; import android.util.Log; import android.util.PrintWriterPrinter; import android.util.Printer; @@ -2930,10 +2933,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { return false; } - void wipeDataLocked(int flags, String reason) { + private void wipeDataLocked(boolean wipeExtRequested, String reason) { // If the SD card is encrypted and non-removable, we have to force a wipe. boolean forceExtWipe = !Environment.isExternalStorageRemovable() && isExtStorageEncrypted(); - boolean wipeExtRequested = (flags&DevicePolicyManager.WIPE_EXTERNAL_STORAGE) != 0; // Note: we can only do the wipe via ExternalStorageFormatter if the volume is not emulated. if ((forceExtWipe || wipeExtRequested) && !Environment.isExternalStorageEmulated()) { @@ -2946,9 +2948,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } else { try { RecoverySystem.rebootWipeUserData(mContext, reason); - } catch (IOException e) { - Slog.w(LOG_TAG, "Failed requesting data wipe", e); - } catch (SecurityException e) { + } catch (IOException | SecurityException e) { Slog.w(LOG_TAG, "Failed requesting data wipe", e); } } @@ -2967,20 +2967,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { DeviceAdminInfo.USES_POLICY_WIPE_DATA); final String source; - if (admin != null && admin.info != null) { - final ComponentName cname = admin.info.getComponent(); - if (cname != null) { - source = cname.flattenToShortString(); - } else { - source = admin.info.getPackageName(); - } + final ComponentName cname = admin.info.getComponent(); + if (cname != null) { + source = cname.flattenToShortString(); } else { - source = "?"; + source = admin.info.getPackageName(); } long ident = Binder.clearCallingIdentity(); try { - wipeDeviceOrUserLocked(flags, userHandle, + if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) { + if (userHandle != UserHandle.USER_OWNER + || !isDeviceOwner(admin.info.getPackageName())) { + throw new SecurityException( + "Only device owner admins can set WIPE_RESET_PROTECTION_DATA"); + } + PersistentDataBlockManager manager = (PersistentDataBlockManager) + mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); + manager.wipe(); + } + boolean wipeExtRequested = (flags & WIPE_EXTERNAL_STORAGE) != 0; + wipeDeviceOrUserLocked(wipeExtRequested, userHandle, "DevicePolicyManager.wipeData() from " + source); } finally { Binder.restoreCallingIdentity(ident); @@ -2988,9 +2995,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } } - private void wipeDeviceOrUserLocked(int flags, final int userHandle, String reason) { + private void wipeDeviceOrUserLocked(boolean wipeExtRequested, final int userHandle, String reason) { if (userHandle == UserHandle.USER_OWNER) { - wipeDataLocked(flags, reason); + wipeDataLocked(wipeExtRequested, reason); } else { mHandler.post(new Runnable() { public void run() { @@ -3142,7 +3149,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub { } if (wipeData) { // Call without holding lock. - wipeDeviceOrUserLocked(0, identifier, "reportFailedPasswordAttempt()"); + wipeDeviceOrUserLocked(false, identifier, + "reportFailedPasswordAttempt()"); } } finally { Binder.restoreCallingIdentity(ident); |