Disallow OEM unlock when DISALLOW_FACTORY_RESET applies
Bug: 28339424
Change-Id: I4b6dc6f186ea60a13e778f52d574e615b0b19b74
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java
index b64363f..51037dd 100644
--- a/services/core/java/com/android/server/PersistentDataBlockService.java
+++ b/services/core/java/com/android/server/PersistentDataBlockService.java
@@ -146,6 +146,15 @@
"Only the Admin user is allowed to change OEM unlock state");
}
}
+
+ private void enforceFactoryResetAllowed() {
+ final boolean isOemUnlockRestricted = UserManager.get(mContext)
+ .hasUserRestriction(UserManager.DISALLOW_FACTORY_RESET);
+ if (isOemUnlockRestricted) {
+ throw new SecurityException("OEM unlock is disallowed by DISALLOW_FACTORY_RESET");
+ }
+ }
+
private int getTotalDataSizeLocked(DataInputStream inputStream) throws IOException {
// skip over checksum
inputStream.skipBytes(DIGEST_SIZE_BYTES);
@@ -452,7 +461,9 @@
Settings.Global.OEM_UNLOCK_DISALLOWED, 0) == 1) {
throw new SecurityException("OEM unlock has been disallowed.");
}
-
+ if (enabled) {
+ enforceFactoryResetAllowed();
+ }
synchronized (mLock) {
doSetOemUnlockEnabledLocked(enabled);
computeAndWriteDigestLocked();