Protect TrustManager.setDeviceLockedForUser with permission
Bug: 26535793
Change-Id: I172f1ec7d9285213ecd70564728c7328a3a675ff
diff --git a/core/java/android/app/trust/TrustManager.java b/core/java/android/app/trust/TrustManager.java
index ee591d3..88ba874 100644
--- a/core/java/android/app/trust/TrustManager.java
+++ b/core/java/android/app/trust/TrustManager.java
@@ -16,7 +16,9 @@
package android.app.trust;
+import android.Manifest;
import android.annotation.IntDef;
+import android.annotation.RequiresPermission;
import android.os.Handler;
import android.os.IBinder;
import android.os.Looper;
@@ -54,9 +56,12 @@
* Changes the lock status for the given user. This is only applicable to Managed Profiles,
* other users should be handled by Keyguard.
*
+ * Requires the {@link android.Manifest.permission#ACCESS_KEYGUARD_SECURE_STORAGE} permission.
+ *
* @param userId The id for the user to be locked/unlocked.
* @param locked The value for that user's locked state.
*/
+ @RequiresPermission(Manifest.permission.ACCESS_KEYGUARD_SECURE_STORAGE)
public void setDeviceLockedForUser(int userId, boolean locked) {
try {
mService.setDeviceLockedForUser(userId, locked);
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 42b8721..8cdff11 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -778,6 +778,7 @@
@Override
public void setDeviceLockedForUser(int userId, boolean value) {
+ enforceReportPermission();
mHandler.obtainMessage(MSG_SET_DEVICE_LOCKED, value ? 1 : 0, userId)
.sendToTarget();
}