| d2b21047c8c133d99cbd4821a5dc88f60d933445 |
|
03-Jun-2016 |
Amith Yamasani <yamasani@google.com> |
Add a separate read permission for oem unlock state
New privileged permission READ_OEM_UNLOCK_STATE added
for system privileged apps.
Changing the unlock state still requires the old
permission OEM_UNLOCK_STATE, which is signature protected.
Bug: 28953956
Change-Id: Iedd2ad1d2d1dc3ae91122d7c406e3ee623a47d61
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 74e9b18b2de2127e081b170cdd4622193cfb7543 |
|
22-Feb-2016 |
Andres Morales <anmorales@google.com> |
Add SystemApi for retrieving device flash lock state
Bug: 26039090
Change-Id: Ib51c4862d897cc91a0788379c761ed49a2adf271
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| c5967e9862489024c932b0c7fcb84ed0af2a7fd7 |
|
08-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
More progress on triaging PackageManager callers.
Catch a bunch of simple cases where the PackageManager flags are
obvious. Add the ability to use the MATCH_SYSTEM_ONLY flag on
PackageInfo and ApplicationInfo queries.
Re-examine recent tasks after a user is unlocked, since some of the
activities may now be available and runnable.
Bug: 26471205, 26253870
Change-Id: I989d9f8409070e5cae13202b47e2c7de85bf4a5b
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| e06b4d1d9f718b9fe02980fea794a36831a16db2 |
|
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods.
When hidden PackageManager methods take a userId argument, they
should be named explicitly with the "AsUser" suffix. This fixes
several lagging examples so that we can pave the way to safely
start passing flags to new methods without scary overloading.
Also fix spacing issues in various logging statements.
Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| f06607882ff4bfdb4c0ada981193e567b9242f57 |
|
02-Sep-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Cleanup USER_OWNER in PDB Service
This assumes that the calling uid is always from user 0, even in split
system user mode.
Bug: 19913735
Change-Id: I99b6a0ca534ac1627c1abb8609c92ff74a5aeabf
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 09ad6bfe9619ff7a61209131f1f3182d53d840d0 |
|
02-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove FRP wipe support for device initializers
- Remove ManagedProvisioning NFC parameter key from
DevicePolicyManager
- Remove wipeIfAllowed from PersistentDataBlockManager
Bug: 21558883
Change-Id: I59354b7bb1ef7e0b0346ff9a7d1654780231dff0
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 66445a639dc134d09393f5069b7683ec36d4cd07 |
|
27-Mar-2015 |
Craig Lafayette <craiglafa@google.com> |
Reset protection in PersistentDataBlockManager
Add method to allow authorized data block wipe in support of factory
reset protection. This will allow ManagedProvisioning to respond to
and pass factory reset protection challenges during automated device
setup.
- Adds the wipeIfAllowed method to clear the data block
- Creates a protected-broadcast to send to allowed package
Bug: 19792435
Change-Id: I897f2ea2afb1222a1fc8ac49290ee45ea4d3f2d7
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| fb5dcacf41479434c497f1934646d0110ab73089 |
|
27-Mar-2015 |
Andres Morales <anmorales@google.com> |
Merge "Add system prop to track if oem unlock is allowed"
|
| 5ca4cc576145466e616f236e63215e2fe33df91c |
|
20-Mar-2015 |
Andres Morales <anmorales@google.com> |
Add system prop to track if oem unlock is allowed
This state is never trusted, but it permits us to build
more appropriately message the user if their device is in
a state where its OK to reset.
Change-Id: I26cc0f928d7fdeff8837e4c2c4b8859fede7846d
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| c8f952ce9f9cadc0d38745e455c0a6388bc68a47 |
|
19-Mar-2015 |
Andres Morales <anmorales@google.com> |
Write correct checksum when formatting partition
OEM unlock enabled bit is not computed in the checksum,
causing OEM Unlocking to be disabled after the second
reboot.
Bug: 19829441
Change-Id: I100bf5d3958b89323ee35b9e97b19c162209fcd7
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 1ce7d179bf00a9ebebef8aff0006d71469870c26 |
|
07-Jan-2015 |
Andres Morales <anmorales@google.com> |
Wipe FRP partition if OEM unlock enabled
Not all devices invoke recovery on every userdata wipe,
so we can't rely on code in the
recovery OS to do this. This results in fastboot -w
not properly wiping the FRP partition. This patch
fixes the issue by having the framework level service
check the OEM unlock enabled bit, and wiping the partition
if it is set.
Bug: 18644051
Change-Id: Id97a29916fe39561700912a920c5741109842bdb
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 6b0c7acd7f175552d90d1d73b9717ff347158e7d |
|
24-Nov-2014 |
Andres Morales <anmorales@google.com> |
Define permission for system apps to query size of block
Allows ManagedProvisioning to determine whether there's a
challenge and thus whether to disable NFC provisioning.
Other implementation option: new hidden boolean API method.
Can't think of benefit of new API method "isBlockInUse", other
than doesn't leak PDB size and is more explicitly tied to the
use case. Open to either impl if anyone has opinions on the matter.
Bug: 18508767
Change-Id: I28d2eb5a0837ff85cb91f140b17ce1dd843fe9d6
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 2830130770b0d010007d126f64756413f922974b |
|
12-Nov-2014 |
Andres Morales <anmorales@google.com> |
Add a checksum to FRP partition
It will be hard to mandate the contents
of the FRP partition out of factory. Further, for upgrading
units, it would require that OEMs format the partition and then store
a bit saying that they've done so. This adds another attack vector.
Now defeating FRP means either compromising the FRP partition
OR wherever the OEMs decide to store that bit.
This patch adds a checksum to the FRP partition. If the checksum
is not valid, the partition is wiped - disabling OEM unlock.
This ensures that no matter what data comes on the partition, we will
always disable OEM unlock by default. It also allows OEMs to not have to
worry about initializing the partition, as it happens automatically.
Bug: 18322021
Change-Id: Ib30782baa771591c30ea95054d3b83f36fc08cc2
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| a31c23da300b5d1f4b1fc261bb0dcb1fee9b61f1 |
|
30-Oct-2014 |
Andres Morales <anmorales@google.com> |
Only allow USER_OWNER to access PDB and change OEM unlock ability
Bug:18191568
Change-Id: Ie09823945af04accead99216580efc958bf6aefe
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 514c58045980998909883bfed5810c9508fd2f7b |
|
13-Sep-2014 |
Guang Zhu <guangzhu@google.com> |
do not allow monkey to flip OEM unlock flag
Bug: 11435021
Change-Id: I3a6865bc6c9fde245d8f4af3230716eac4a3f1b1
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 6429f313b4248a010bb197993bbdb16629459d69 |
|
05-Aug-2014 |
Andres Morales <anmorales@google.com> |
Allow PersistentDataBlockService to be used with all users
Bug: 16795591
Change-Id: Id5e5dc5c26408752fe85f6f6fc2c67d9408b6a2a
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 963295ea105314e28e4ca9563aa09cb7440de4c3 |
|
11-Jul-2014 |
Andres Morales <anmorales@google.com> |
Permit settings to "wipe" the persistent partition
One of the requirements is that when the user does a
factory reset through settings, all data on the
persistent partition should be cleared.
This adds one last API method that allows settings
to wipe the partition.
Bug: 14288780
Change-Id: Ib87ee741d1e5195814516ae1d66eb7c4cf754dcf
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
| 68d4acd205e8c2da524e62734ca42847306cc029 |
|
02-Jul-2014 |
Andres Morales <anmorales@google.com> |
Service for reading and writing blocks to PST partition
Permits apps with permission
android.permission.ACCESS_PERSISTENT_PARTITION to obtain
a read and write data blocks to the PST partition.
Only one block ever exists at one time in PST. When
a client writes another block, the previous one is
overwritten.
This permits storing a block of data that will live
across factory resets.
Change-Id: I8f23df3531f3c0512118eb4b7530eff8a8e81c83
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|