Only allow USER_OWNER to access PDB and change OEM unlock ability
Bug:18191568
Change-Id: Ie09823945af04accead99216580efc958bf6aefe
diff --git a/services/core/java/com/android/server/PersistentDataBlockService.java b/services/core/java/com/android/server/PersistentDataBlockService.java
index 6f378fd..de90aa2 100644
--- a/services/core/java/com/android/server/PersistentDataBlockService.java
+++ b/services/core/java/com/android/server/PersistentDataBlockService.java
@@ -72,7 +72,7 @@
private final String mDataBlockFile;
private final Object mLock = new Object();
- private int mAllowedAppId = -1;
+ private int mAllowedUid = -1;
/*
* Separate lock for OEM unlock related operations as they can happen in parallel with regular
* block operations.
@@ -86,11 +86,11 @@
mContext = context;
mDataBlockFile = SystemProperties.get(PERSISTENT_DATA_BLOCK_PROP);
mBlockDeviceSize = -1; // Load lazily
- mAllowedAppId = getAllowedAppId(UserHandle.USER_OWNER);
+ mAllowedUid = getAllowedUid(UserHandle.USER_OWNER);
}
- private int getAllowedAppId(int userHandle) {
+ private int getAllowedUid(int userHandle) {
String allowedPackage = mContext.getResources()
.getString(R.string.config_persistentDataPackageName);
PackageManager pm = mContext.getPackageManager();
@@ -101,7 +101,7 @@
// not expected
Slog.e(TAG, "not able to find package " + allowedPackage, e);
}
- return UserHandle.getAppId(allowedUid);
+ return allowedUid;
}
@Override
@@ -116,11 +116,17 @@
}
private void enforceUid(int callingUid) {
- if (UserHandle.getAppId(callingUid) != mAllowedAppId) {
+ if (callingUid != mAllowedUid) {
throw new SecurityException("uid " + callingUid + " not allowed to access PST");
}
}
+ private void enforceIsOwner() {
+ if (!Binder.getCallingUserHandle().isOwner()) {
+ throw new SecurityException("Only the Owner is allowed to change OEM unlock state");
+ }
+ }
+
private int getTotalDataSizeLocked(DataInputStream inputStream) throws IOException {
int totalDataSize;
int blockId = inputStream.readInt();
@@ -249,6 +255,7 @@
return;
}
enforceOemUnlockPermission();
+ enforceIsOwner();
FileOutputStream outputStream;
try {
outputStream = new FileOutputStream(new File(mDataBlockFile));