Add permission check on onKeyguardVisibilityChanged
Without this permission check any app can toggle the locked state of
keymaster once it has been unlocked for the first time.
Bug: 144285084
Test: Manually tested with debugger that the requred code paths are
run.
Merged-In: Idb8a200dc2963e1085e9fddd0c565c5172465e65
Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65
(cherry picked from commit 21f452c372)
This commit is contained in:
Janis Danisevskis
parent
3c04bca28a
commit
ed9a255fc6
1 changed files with 15 additions and 4 deletions
|
|
@ -1354,12 +1354,23 @@ bool KeyStoreService::checkAllowedOperationParams(const hidl_vec<KeyParameter>&
|
|||
}
|
||||
|
||||
Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
|
||||
int32_t* aidl_return) {
|
||||
int32_t* _aidl_return) {
|
||||
KEYSTORE_SERVICE_LOCK;
|
||||
if (isShowing) {
|
||||
if (!checkBinderPermission(P_LOCK, UID_SELF)) {
|
||||
LOG(WARNING) << "onKeyguardVisibilityChanged called with isShowing == true but "
|
||||
"without LOCK permission";
|
||||
return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
|
||||
}
|
||||
} else {
|
||||
if (!checkBinderPermission(P_UNLOCK, UID_SELF)) {
|
||||
LOG(WARNING) << "onKeyguardVisibilityChanged called with isShowing == false but "
|
||||
"without UNLOCK permission";
|
||||
return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
|
||||
}
|
||||
}
|
||||
mKeyStore->getEnforcementPolicy().set_device_locked(isShowing, userId);
|
||||
*aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
|
||||
|
||||
return Status::ok();
|
||||
return AIDL_RETURN(ResponseCode::NO_ERROR);
|
||||
}
|
||||
|
||||
} // namespace keystore
|
||||
|
|
|
|||
Loading…
Reference in a new issue