1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.oemlock; 18 19 import android.annotation.Nullable; 20 import android.content.Context; 21 import android.os.UserHandle; 22 import android.os.UserManager; 23 import android.service.persistentdata.PersistentDataBlockManager; 24 import android.util.Slog; 25 26 /** 27 * Implementation of the OEM lock using the persistent data block to communicate with the 28 * bootloader. 29 * 30 * The carrier flag is stored as a user restriction on the system user. The user flag is set in the 31 * presistent data block but depends on the carrier flag. 32 */ 33 class PersistentDataBlockLock extends OemLock { 34 private static final String TAG = "OemLock"; 35 36 private Context mContext; 37 38 PersistentDataBlockLock(Context context) { 39 mContext = context; 40 } 41 42 @Override 43 void setOemUnlockAllowedByCarrier(boolean allowed, @Nullable byte[] signature) { 44 // Note: this implementation does not require a signature 45 if (signature != null) { 46 Slog.w(TAG, "Signature provided but is not being used"); 47 } 48 49 // Continue using user restriction for backwards compatibility 50 UserManager.get(mContext).setUserRestriction( 51 UserManager.DISALLOW_OEM_UNLOCK, !allowed, UserHandle.SYSTEM); 52 53 if (!allowed) { 54 disallowUnlockIfNotUnlocked(); 55 } 56 } 57 58 @Override 59 boolean isOemUnlockAllowedByCarrier() { 60 return !UserManager.get(mContext) 61 .hasUserRestriction(UserManager.DISALLOW_OEM_UNLOCK, UserHandle.SYSTEM); 62 } 63 64 @Override 65 void setOemUnlockAllowedByDevice(boolean allowedByDevice) { 66 // The method name is misleading as it really just means whether or not the device can be 67 // unlocked but doesn't actually do any unlocking. 68 final PersistentDataBlockManager pdbm = (PersistentDataBlockManager) 69 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 70 pdbm.setOemUnlockEnabled(allowedByDevice); 71 } 72 73 @Override 74 boolean isOemUnlockAllowedByDevice() { 75 final PersistentDataBlockManager pdbm = (PersistentDataBlockManager) 76 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 77 return pdbm.getOemUnlockEnabled(); 78 } 79 80 /** 81 * Update state to prevent the bootloader from being able to unlock the device unless the device 82 * has already been unlocked by the bootloader in which case it is too late as it would remain 83 * unlocked. 84 */ 85 private void disallowUnlockIfNotUnlocked() { 86 final PersistentDataBlockManager pdbm = (PersistentDataBlockManager) 87 mContext.getSystemService(Context.PERSISTENT_DATA_BLOCK_SERVICE); 88 if (pdbm.getFlashLockState() != PersistentDataBlockManager.FLASH_LOCK_UNLOCKED) { 89 pdbm.setOemUnlockEnabled(false); 90 } 91 } 92 } 93