summaryrefslogtreecommitdiffstats
path: root/services/devicepolicy/java
diff options
context:
space:
mode:
authorPaul Crowley <paulcrowley@google.com>2014-11-26 12:09:51 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2014-11-26 12:09:51 +0000
commit5ff0e5fb6b339a7dea0cbc344e88673b7a99e593 (patch)
tree9b4ef5545fc5ca892cd0eb735c22e4cdc22c4132 /services/devicepolicy/java
parentbc2f1371bbeb0f66c24fafec22b9b18ca6e845cd (diff)
parent0d122e265c52ef25dbad652378b3a5e51a86f041 (diff)
downloadframeworks_base-5ff0e5fb6b339a7dea0cbc344e88673b7a99e593.zip
frameworks_base-5ff0e5fb6b339a7dea0cbc344e88673b7a99e593.tar.gz
frameworks_base-5ff0e5fb6b339a7dea0cbc344e88673b7a99e593.tar.bz2
am 0d122e26: am ba94fd5e: am 77e25331: Merge "Add flag for wiping factory reset protection data." into lmp-mr1-dev
* commit '0d122e265c52ef25dbad652378b3a5e51a86f041': Add flag for wiping factory reset protection data.
Diffstat (limited to 'services/devicepolicy/java')
-rw-r--r--services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java42
1 files changed, 25 insertions, 17 deletions
diff --git a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
index f3d92e5..4d12111 100644
--- a/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
+++ b/services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java
@@ -17,6 +17,8 @@
package com.android.server.devicepolicy;
import static android.Manifest.permission.MANAGE_CA_CERTIFICATES;
+import static android.app.admin.DevicePolicyManager.WIPE_EXTERNAL_STORAGE;
+import static android.app.admin.DevicePolicyManager.WIPE_RESET_PROTECTION_DATA;
import static android.content.pm.PackageManager.GET_UNINSTALLED_PACKAGES;
import android.accessibilityservice.AccessibilityServiceInfo;
@@ -79,6 +81,7 @@ import android.security.IKeyChainService;
import android.security.KeyChain;
import android.security.KeyChain.KeyChainConnection;
import android.text.TextUtils;
+import android.service.persistentdata.PersistentDataBlockManager;
import android.util.Log;
import android.util.PrintWriterPrinter;
import android.util.Printer;
@@ -2930,10 +2933,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
return false;
}
- void wipeDataLocked(int flags, String reason) {
+ private void wipeDataLocked(boolean wipeExtRequested, String reason) {
// If the SD card is encrypted and non-removable, we have to force a wipe.
boolean forceExtWipe = !Environment.isExternalStorageRemovable() && isExtStorageEncrypted();
- boolean wipeExtRequested = (flags&DevicePolicyManager.WIPE_EXTERNAL_STORAGE) != 0;
// Note: we can only do the wipe via ExternalStorageFormatter if the volume is not emulated.
if ((forceExtWipe || wipeExtRequested) && !Environment.isExternalStorageEmulated()) {
@@ -2946,9 +2948,7 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
} else {
try {
RecoverySystem.rebootWipeUserData(mContext, reason);
- } catch (IOException e) {
- Slog.w(LOG_TAG, "Failed requesting data wipe", e);
- } catch (SecurityException e) {
+ } catch (IOException | SecurityException e) {
Slog.w(LOG_TAG, "Failed requesting data wipe", e);
}
}
@@ -2967,20 +2967,27 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
DeviceAdminInfo.USES_POLICY_WIPE_DATA);
final String source;
- if (admin != null && admin.info != null) {
- final ComponentName cname = admin.info.getComponent();
- if (cname != null) {
- source = cname.flattenToShortString();
- } else {
- source = admin.info.getPackageName();
- }
+ final ComponentName cname = admin.info.getComponent();
+ if (cname != null) {
+ source = cname.flattenToShortString();
} else {
- source = "?";
+ source = admin.info.getPackageName();
}
long ident = Binder.clearCallingIdentity();
try {
- wipeDeviceOrUserLocked(flags, userHandle,
+ if ((flags & WIPE_RESET_PROTECTION_DATA) != 0) {
+ if (userHandle != UserHandle.USER_OWNER
+ || !isDeviceOwner(admin.info.getPackageName())) {
+ throw new SecurityException(
+ "Only device owner admins can set WIPE_RESET_PROTECTION_DATA");
+ }
+ PersistentDataBlockManager manager = (PersistentDataBlockManager)
+ mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE);
+ manager.wipe();
+ }
+ boolean wipeExtRequested = (flags & WIPE_EXTERNAL_STORAGE) != 0;
+ wipeDeviceOrUserLocked(wipeExtRequested, userHandle,
"DevicePolicyManager.wipeData() from " + source);
} finally {
Binder.restoreCallingIdentity(ident);
@@ -2988,9 +2995,9 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
}
- private void wipeDeviceOrUserLocked(int flags, final int userHandle, String reason) {
+ private void wipeDeviceOrUserLocked(boolean wipeExtRequested, final int userHandle, String reason) {
if (userHandle == UserHandle.USER_OWNER) {
- wipeDataLocked(flags, reason);
+ wipeDataLocked(wipeExtRequested, reason);
} else {
mHandler.post(new Runnable() {
public void run() {
@@ -3142,7 +3149,8 @@ public class DevicePolicyManagerService extends IDevicePolicyManager.Stub {
}
if (wipeData) {
// Call without holding lock.
- wipeDeviceOrUserLocked(0, identifier, "reportFailedPasswordAttempt()");
+ wipeDeviceOrUserLocked(false, identifier,
+ "reportFailedPasswordAttempt()");
}
} finally {
Binder.restoreCallingIdentity(ident);