d2b21047c8c133d99cbd4821a5dc88f60d933445 |
|
03-Jun-2016 |
Amith Yamasani <yamasani@google.com> |
Add a separate read permission for oem unlock state New privileged permission READ_OEM_UNLOCK_STATE added for system privileged apps. Changing the unlock state still requires the old permission OEM_UNLOCK_STATE, which is signature protected. Bug: 28953956 Change-Id: Iedd2ad1d2d1dc3ae91122d7c406e3ee623a47d61
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
74e9b18b2de2127e081b170cdd4622193cfb7543 |
|
22-Feb-2016 |
Andres Morales <anmorales@google.com> |
Add SystemApi for retrieving device flash lock state Bug: 26039090 Change-Id: Ib51c4862d897cc91a0788379c761ed49a2adf271
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
c5967e9862489024c932b0c7fcb84ed0af2a7fd7 |
|
08-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
More progress on triaging PackageManager callers. Catch a bunch of simple cases where the PackageManager flags are obvious. Add the ability to use the MATCH_SYSTEM_ONLY flag on PackageInfo and ApplicationInfo queries. Re-examine recent tasks after a user is unlocked, since some of the activities may now be available and runnable. Bug: 26471205, 26253870 Change-Id: I989d9f8409070e5cae13202b47e2c7de85bf4a5b
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
e06b4d1d9f718b9fe02980fea794a36831a16db2 |
|
06-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent naming for PackageManager methods. When hidden PackageManager methods take a userId argument, they should be named explicitly with the "AsUser" suffix. This fixes several lagging examples so that we can pave the way to safely start passing flags to new methods without scary overloading. Also fix spacing issues in various logging statements. Change-Id: I1e42f7f66427410275df713bea04f6e0445fba28
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
f06607882ff4bfdb4c0ada981193e567b9242f57 |
|
02-Sep-2015 |
Xiaohui Chen <xiaohuic@google.com> |
Cleanup USER_OWNER in PDB Service This assumes that the calling uid is always from user 0, even in split system user mode. Bug: 19913735 Change-Id: I99b6a0ca534ac1627c1abb8609c92ff74a5aeabf
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
09ad6bfe9619ff7a61209131f1f3182d53d840d0 |
|
02-Jun-2015 |
Craig Lafayette <craiglafa@google.com> |
Remove FRP wipe support for device initializers - Remove ManagedProvisioning NFC parameter key from DevicePolicyManager - Remove wipeIfAllowed from PersistentDataBlockManager Bug: 21558883 Change-Id: I59354b7bb1ef7e0b0346ff9a7d1654780231dff0
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
66445a639dc134d09393f5069b7683ec36d4cd07 |
|
27-Mar-2015 |
Craig Lafayette <craiglafa@google.com> |
Reset protection in PersistentDataBlockManager Add method to allow authorized data block wipe in support of factory reset protection. This will allow ManagedProvisioning to respond to and pass factory reset protection challenges during automated device setup. - Adds the wipeIfAllowed method to clear the data block - Creates a protected-broadcast to send to allowed package Bug: 19792435 Change-Id: I897f2ea2afb1222a1fc8ac49290ee45ea4d3f2d7
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
fb5dcacf41479434c497f1934646d0110ab73089 |
|
27-Mar-2015 |
Andres Morales <anmorales@google.com> |
Merge "Add system prop to track if oem unlock is allowed"
|
5ca4cc576145466e616f236e63215e2fe33df91c |
|
20-Mar-2015 |
Andres Morales <anmorales@google.com> |
Add system prop to track if oem unlock is allowed This state is never trusted, but it permits us to build more appropriately message the user if their device is in a state where its OK to reset. Change-Id: I26cc0f928d7fdeff8837e4c2c4b8859fede7846d
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
c8f952ce9f9cadc0d38745e455c0a6388bc68a47 |
|
19-Mar-2015 |
Andres Morales <anmorales@google.com> |
Write correct checksum when formatting partition OEM unlock enabled bit is not computed in the checksum, causing OEM Unlocking to be disabled after the second reboot. Bug: 19829441 Change-Id: I100bf5d3958b89323ee35b9e97b19c162209fcd7
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
1ce7d179bf00a9ebebef8aff0006d71469870c26 |
|
07-Jan-2015 |
Andres Morales <anmorales@google.com> |
Wipe FRP partition if OEM unlock enabled Not all devices invoke recovery on every userdata wipe, so we can't rely on code in the recovery OS to do this. This results in fastboot -w not properly wiping the FRP partition. This patch fixes the issue by having the framework level service check the OEM unlock enabled bit, and wiping the partition if it is set. Bug: 18644051 Change-Id: Id97a29916fe39561700912a920c5741109842bdb
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
6b0c7acd7f175552d90d1d73b9717ff347158e7d |
|
24-Nov-2014 |
Andres Morales <anmorales@google.com> |
Define permission for system apps to query size of block Allows ManagedProvisioning to determine whether there's a challenge and thus whether to disable NFC provisioning. Other implementation option: new hidden boolean API method. Can't think of benefit of new API method "isBlockInUse", other than doesn't leak PDB size and is more explicitly tied to the use case. Open to either impl if anyone has opinions on the matter. Bug: 18508767 Change-Id: I28d2eb5a0837ff85cb91f140b17ce1dd843fe9d6
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
2830130770b0d010007d126f64756413f922974b |
|
12-Nov-2014 |
Andres Morales <anmorales@google.com> |
Add a checksum to FRP partition It will be hard to mandate the contents of the FRP partition out of factory. Further, for upgrading units, it would require that OEMs format the partition and then store a bit saying that they've done so. This adds another attack vector. Now defeating FRP means either compromising the FRP partition OR wherever the OEMs decide to store that bit. This patch adds a checksum to the FRP partition. If the checksum is not valid, the partition is wiped - disabling OEM unlock. This ensures that no matter what data comes on the partition, we will always disable OEM unlock by default. It also allows OEMs to not have to worry about initializing the partition, as it happens automatically. Bug: 18322021 Change-Id: Ib30782baa771591c30ea95054d3b83f36fc08cc2
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
a31c23da300b5d1f4b1fc261bb0dcb1fee9b61f1 |
|
30-Oct-2014 |
Andres Morales <anmorales@google.com> |
Only allow USER_OWNER to access PDB and change OEM unlock ability Bug:18191568 Change-Id: Ie09823945af04accead99216580efc958bf6aefe
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
514c58045980998909883bfed5810c9508fd2f7b |
|
13-Sep-2014 |
Guang Zhu <guangzhu@google.com> |
do not allow monkey to flip OEM unlock flag Bug: 11435021 Change-Id: I3a6865bc6c9fde245d8f4af3230716eac4a3f1b1
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
6429f313b4248a010bb197993bbdb16629459d69 |
|
05-Aug-2014 |
Andres Morales <anmorales@google.com> |
Allow PersistentDataBlockService to be used with all users Bug: 16795591 Change-Id: Id5e5dc5c26408752fe85f6f6fc2c67d9408b6a2a
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
963295ea105314e28e4ca9563aa09cb7440de4c3 |
|
11-Jul-2014 |
Andres Morales <anmorales@google.com> |
Permit settings to "wipe" the persistent partition One of the requirements is that when the user does a factory reset through settings, all data on the persistent partition should be cleared. This adds one last API method that allows settings to wipe the partition. Bug: 14288780 Change-Id: Ib87ee741d1e5195814516ae1d66eb7c4cf754dcf
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|
68d4acd205e8c2da524e62734ca42847306cc029 |
|
02-Jul-2014 |
Andres Morales <anmorales@google.com> |
Service for reading and writing blocks to PST partition Permits apps with permission android.permission.ACCESS_PERSISTENT_PARTITION to obtain a read and write data blocks to the PST partition. Only one block ever exists at one time in PST. When a client writes another block, the previous one is overwritten. This permits storing a block of data that will live across factory resets. Change-Id: I8f23df3531f3c0512118eb4b7530eff8a8e81c83
/frameworks/base/services/core/java/com/android/server/PersistentDataBlockService.java
|