Ensure trust agents are disabled in safe-mode
Bug: 18070351
Change-Id: I71c5441bb501bb0996b557519328eb0847f043cf
diff --git a/services/core/java/com/android/server/trust/TrustManagerService.java b/services/core/java/com/android/server/trust/TrustManagerService.java
index 1649535..65cb35b 100644
--- a/services/core/java/com/android/server/trust/TrustManagerService.java
+++ b/services/core/java/com/android/server/trust/TrustManagerService.java
@@ -122,11 +122,15 @@
@Override
public void onBootPhase(int phase) {
- if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY && !isSafeMode()) {
+ if (isSafeMode()) {
+ // No trust agents in safe mode.
+ return;
+ }
+ if (phase == SystemService.PHASE_SYSTEM_SERVICES_READY) {
mPackageMonitor.register(mContext, mHandler.getLooper(), UserHandle.ALL, true);
mReceiver.register(mContext);
refreshAgentList(UserHandle.USER_ALL);
- } else if (phase == SystemService.PHASE_BOOT_COMPLETED && !isSafeMode()) {
+ } else if (phase == SystemService.PHASE_BOOT_COMPLETED) {
maybeEnableFactoryTrustAgents(mLockPatternUtils, UserHandle.USER_OWNER);
}
}
@@ -174,6 +178,10 @@
void refreshAgentList(int userId) {
if (DEBUG) Slog.d(TAG, "refreshAgentList()");
+ if (isSafeMode()) {
+ // Don't ever bind to trust agents in safe mode.
+ return;
+ }
if (userId != UserHandle.USER_ALL && userId < UserHandle.USER_OWNER) {
Log.e(TAG, "refreshAgentList(userId=" + userId + "): Invalid user handle,"
+ " must be USER_ALL or a specific user.", new Throwable("here"));
@@ -580,6 +588,10 @@
protected void dump(FileDescriptor fd, final PrintWriter fout, String[] args) {
mContext.enforceCallingPermission(Manifest.permission.DUMP,
"dumping TrustManagerService");
+ if (isSafeMode()) {
+ fout.println("disabled because the system is in safe mode.");
+ return;
+ }
final UserInfo currentUser;
final List<UserInfo> userInfos = mUserManager.getUsers(true /* excludeDying */);
try {