diff options
author | Siyamed Sinir <siyamed@google.com> | 2017-09-13 12:19:41 -0700 |
---|---|---|
committer | mse1969 <mse1969@posteo.de> | 2018-02-11 17:35:09 +0100 |
commit | a5fe577fb0a7134fed74005dbac546f9b490dba4 (patch) | |
tree | b9a7e24071f3d5971224480c3fdbef0bed8fe231 | |
parent | e1607fac2414539a76b754b124716e26549fbb09 (diff) | |
download | frameworks_base-a5fe577fb0a7134fed74005dbac546f9b490dba4.tar.gz frameworks_base-a5fe577fb0a7134fed74005dbac546f9b490dba4.tar.bz2 frameworks_base-a5fe577fb0a7134fed74005dbac546f9b490dba4.zip |
Fix ClipboardService device lock check for cross profile
ClipboardService.isDeviceLocked should clear callingIdentity before
accessing KeyguardManager.
Test: bit CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest
Bug: 64934810
Change-Id: I712abfe8d542cd1be9c1816f407c8912321ac480
CVE-2017-0846
-rw-r--r-- | services/core/java/com/android/server/clipboard/ClipboardService.java | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/services/core/java/com/android/server/clipboard/ClipboardService.java b/services/core/java/com/android/server/clipboard/ClipboardService.java index 96a66b34421..636f2f56674 100644 --- a/services/core/java/com/android/server/clipboard/ClipboardService.java +++ b/services/core/java/com/android/server/clipboard/ClipboardService.java @@ -309,15 +309,22 @@ public class ClipboardService extends IClipboard.Stub { private boolean isDeviceLocked() { boolean isLocked = false; - KeyguardManager keyguardManager = (KeyguardManager) mContext.getSystemService(Context.KEYGUARD_SERVICE); - boolean inKeyguardRestrictedInputMode = keyguardManager.inKeyguardRestrictedInputMode(); - if (inKeyguardRestrictedInputMode) { - isLocked = true; - } else { - PowerManager powerManager = (PowerManager)mContext.getSystemService(Context.POWER_SERVICE); - isLocked = !powerManager.isScreenOn(); - } - return isLocked; + final long token = Binder.clearCallingIdentity(); + try { + final KeyguardManager keyguardManager = (KeyguardManager) mContext.getSystemService( + Context.KEYGUARD_SERVICE); + boolean inKeyguardRestrictedInputMode = keyguardManager.inKeyguardRestrictedInputMode(); + if (inKeyguardRestrictedInputMode) { + isLocked = true; + } else { + PowerManager powerManager = (PowerManager)mContext.getSystemService( + Context.POWER_SERVICE); + isLocked = !powerManager.isScreenOn(); + } + return isLocked; + } finally { + Binder.restoreCallingIdentity(token); + } } private final void checkUriOwnerLocked(Uri uri, int uid) { |