commit 96a9d0130a8db4fc4070029e7245ce7e51eb1641
author Andrew Scull <ascull@google.com> Fri Sep 08 16:01:47 2017 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Fri Sep 08 16:01:47 2017 +0000
tree d740efed67862773d4b5c8af41109b5b3b944cc7
parent 81bb18621ebb0c3a1d780515fa378b771bfea8b3
parent d37fe2d3e1cbf03161df9f4e16f791a99445cdc1

Merge "OemLockService: remove canUserAllowOemUnlock()"

core/java/android/service/oemlock/IOemLockService.aidl

diff --git a/core/java/android/service/oemlock/IOemLockService.aidl b/core/java/android/service/oemlock/IOemLockService.aidl
index 682e7ee..d5e10d6 100644
--- a/core/java/android/service/oemlock/IOemLockService.aidl
+++ b/core/java/android/service/oemlock/IOemLockService.aidl
@@ -28,7 +28,6 @@
     void setOemUnlockAllowedByUser(boolean allowed);
     boolean isOemUnlockAllowedByUser();
 
-    boolean canUserAllowOemUnlock();
     boolean isOemUnlockAllowed();
     boolean isDeviceOemUnlocked();
 }

core/java/android/service/oemlock/OemLockManager.java

diff --git a/core/java/android/service/oemlock/OemLockManager.java b/core/java/android/service/oemlock/OemLockManager.java
index 3a56d9f..f0d6603 100644
--- a/core/java/android/service/oemlock/OemLockManager.java
+++ b/core/java/android/service/oemlock/OemLockManager.java
@@ -118,24 +118,6 @@
     }
 
     /**
-     * Returns whether all parties other than the user allow OEM unlock meaning the user can
-     * directly control whether or not the device can be OEM unlocked.
-     *
-     * If this is true, {@link #isOemUnlockAllowedByUser} is the same as {@link #isOemUnlockAllowed}
-     *
-     * @return Whether the user can directly control whether the device can be OEM unlocked.
-     *
-     * @hide
-     */
-    public boolean canUserAllowOemUnlock() {
-        try {
-            return mService.canUserAllowOemUnlock();
-        } catch (RemoteException e) {
-            throw e.rethrowFromSystemServer();
-        }
-    }
-
-    /**
      * @return Whether the bootloader is able to OEM unlock the device.
      *
      * @hide

services/core/java/com/android/server/oemlock/OemLockService.java

diff --git a/services/core/java/com/android/server/oemlock/OemLockService.java b/services/core/java/com/android/server/oemlock/OemLockService.java
index 5e19b13..40c6639 100644
--- a/services/core/java/com/android/server/oemlock/OemLockService.java
+++ b/services/core/java/com/android/server/oemlock/OemLockService.java
@@ -149,8 +149,12 @@
 
             final long token = Binder.clearCallingIdentity();
             try {
-                if (!canUserAllowOemUnlock()) {
-                    throw new SecurityException("User cannot allow OEM unlock");
+                if (!isOemUnlockAllowedByAdmin()) {
+                    throw new SecurityException("Admin does not allow OEM unlock");
+                }
+
+                if (!mOemLock.isOemUnlockAllowedByCarrier()) {
+                    throw new SecurityException("Carrier does not allow OEM unlock");
                 }
 
                 mOemLock.setOemUnlockAllowedByDevice(allowedByUser);
@@ -172,18 +176,6 @@
         }
 
         @Override
-        public boolean canUserAllowOemUnlock() {
-            enforceOemUnlockReadPermission();
-
-            final long token = Binder.clearCallingIdentity();
-            try {
-                return isOemUnlockAllowedByAdmin() && mOemLock.isOemUnlockAllowedByCarrier();
-            } finally {
-                Binder.restoreCallingIdentity(token);
-            }
-        }
-
-        @Override
         public boolean isOemUnlockAllowed() {
             enforceOemUnlockReadPermission();