Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_base / 19db3fab2459446b43cef5e18f1f7ce203a1b21a
commit19db3fab2459446b43cef5e18f1f7ce203a1b21a[log] [tgz]
authorShawn Willden <swillden@google.com>Mon Feb 12 18:08:20 2024 -0700
committerShawn Willden <swillden@google.com>Tue Feb 13 22:26:16 2024 -0700
treef5fc5b576f4aefc0f4e21b68d795fc79d2dadfb4
parentcee75dc22a05b2b46b8ff2bd509d544dd0a5b701 [diff]
Update LockSettingsService to support hardened FRP

This change does three things:

1.  Broadcasts a new protected intent to notify system apps such as
    GMSCore of LSKF changes so they can react by updating FRP data.
2.  Deactivates FRP (if active) when LSKF authentication is performed
    using the FRP credential.
3.  Modifies LockSettingsService to use the new PDB API to query for
    FRP status, rather than relying on the SECURE_FRP_MODE property,
    which can more easily be manipulated by attackers.

Ignore-AOSP-First: Depends on internal changes that can't go into AOSP yet.
Bug: 290312729
Test: atest com.android.server.locksettings
Change-Id: If15ab387e86b5cdcf271085d414ce39ff3a04a83
9 files changed
tree: f5fc5b576f4aefc0f4e21b68d795fc79d2dadfb4
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. ravenwood/
  30. rs/
  31. samples/
  32. sax/
  33. services/
  34. startop/
  35. telecomm/
  36. telephony/
  37. test-base/
  38. test-legacy/
  39. test-mock/
  40. test-runner/
  41. tests/
  42. tools/
  43. wifi/
  44. .clang-format
  45. .gitignore
  46. .mailmap
  47. AconfigFlags.bp
  48. ADPF_OWNERS
  49. Android.bp
  50. Android.mk
  51. BAL_OWNERS
  52. BATTERY_STATS_OWNERS
  53. BROADCASTS_OWNERS
  54. CleanSpec.mk
  55. framework-jarjar-rules.txt
  56. GAME_MANAGER_OWNERS
  57. INPUT_OWNERS
  58. INTENT_OWNERS
  59. ktfmt_includes.txt
  60. lint-baseline.xml
  61. MEMORY_OWNERS
  62. METADATA
  63. MODULE_LICENSE_APACHE2
  64. MULTIUSER_OWNERS
  65. NOTICE
  66. OWNERS
  67. OWNERS.md
  68. PACKAGE_MANAGER_OWNERS
  69. pathmap.mk
  70. PERFORMANCE_OWNERS
  71. PREUPLOAD.cfg
  72. ProtoLibraries.bp
  73. Ravenwood.bp
  74. SECURITY_STATE_OWNERS
  75. SQLITE_OWNERS
  76. TEST_MAPPING
  77. TestProtoLibraries.bp
  78. THERMAL_OWNERS
  79. TRACE_OWNERS
  80. WEAR_OWNERS
  81. ZYGOTE_OWNERS